diff --git a/2001/0xxx/CVE-2001-0464.json b/2001/0xxx/CVE-2001-0464.json index 0b31ee90d55..3413846b5f8 100644 --- a/2001/0xxx/CVE-2001-0464.json +++ b/2001/0xxx/CVE-2001-0464.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010417 Cyberscheduler remote root compromise", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98761402029302&w=2" - }, - { - "name" : "2628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010417 Cyberscheduler remote root compromise", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98761402029302&w=2" + }, + { + "name": "2628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2628" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0502.json b/2001/0xxx/CVE-2001-0502.json index d4a901ee545..e99928dbddd 100644 --- a/2001/0xxx/CVE-2001-0502.json +++ b/2001/0xxx/CVE-2001-0502.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-036", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-036" - }, - { - "name" : "L-101", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-101.shtml" - }, - { - "name" : "win2k-ldap-change-passwords(6745)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6745" - }, - { - "name" : "2929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-036", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-036" + }, + { + "name": "2929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2929" + }, + { + "name": "L-101", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-101.shtml" + }, + { + "name": "win2k-ldap-change-passwords(6745)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6745" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0602.json b/2001/0xxx/CVE-2001-0602.json index 14cd693a995..93f49a18d00 100644 --- a/2001/0xxx/CVE-2001-0602.json +++ b/2001/0xxx/CVE-2001-0602.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010411 def-2001-20: Lotus Domino Multiple DoS ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html" - }, - { - "name" : "lotus-domino-device-dos(6348)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-domino-device-dos(6348)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6348" + }, + { + "refsource": "BUGTRAQ", + "name": "20010411 def-2001-20: Lotus Domino Multiple DoS", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0589.json b/2008/0xxx/CVE-2008-0589.json index 43fe85e4dd2..4d1f552e96f 100644 --- a/2008/0xxx/CVE-2008-0589.json +++ b/2008/0xxx/CVE-2008-0589.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4075", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4075" - }, - { - "name" : "IZ11242", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ11242" - }, - { - "name" : "IZ11243", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ11243" - }, - { - "name" : "IZ11244", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ11244" - }, - { - "name" : "IZ12745", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ12745" - }, - { - "name" : "27434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27434" - }, - { - "name" : "ADV-2008-0261", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0261" - }, - { - "name" : "1019265", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019265" - }, - { - "name" : "28609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28609" - }, - { - "name" : "aix-ps-information-disclosure(39911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28609" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4075", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4075" + }, + { + "name": "IZ11242", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ11242" + }, + { + "name": "IZ12745", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ12745" + }, + { + "name": "27434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27434" + }, + { + "name": "1019265", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019265" + }, + { + "name": "IZ11244", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ11244" + }, + { + "name": "ADV-2008-0261", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0261" + }, + { + "name": "aix-ps-information-disclosure(39911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39911" + }, + { + "name": "IZ11243", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ11243" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0802.json b/2008/0xxx/CVE-2008-0802.json index 783e96cb0a9..77fd39f42d5 100644 --- a/2008/0xxx/CVE-2008-0802.json +++ b/2008/0xxx/CVE-2008-0802.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5120", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5120" - }, - { - "name" : "27805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27805" - }, - { - "name" : "28962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28962" - }, - { - "name" : "mediaslide-index-sql-injection(40517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5120", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5120" + }, + { + "name": "mediaslide-index-sql-injection(40517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40517" + }, + { + "name": "28962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28962" + }, + { + "name": "27805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27805" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1040.json b/2008/1xxx/CVE-2008-1040.json index a85ca4cea73..2aec9c073f4 100644 --- a/2008/1xxx/CVE-2008-1040.json +++ b/2008/1xxx/CVE-2008-1040.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html" - }, - { - "name" : "27966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27966" - }, - { - "name" : "ADV-2008-0662", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0662" - }, - { - "name" : "29088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27966" + }, + { + "name": "ADV-2008-0662", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0662" + }, + { + "name": "29088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29088" + }, + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1211.json b/2008/1xxx/CVE-2008-1211.json index 013569362ef..9576c4971a0 100644 --- a/2008/1xxx/CVE-2008-1211.json +++ b/2008/1xxx/CVE-2008-1211.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allows remote attackers to inject arbitrary web script or HTML via (1) the type parameter in calendar.php and (2) the category parameter in calendar_search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28117" - }, - { - "name" : "29255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29255" - }, - { - "name" : "bosdates-type-category-xss(41020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allows remote attackers to inject arbitrary web script or HTML via (1) the type parameter in calendar.php and (2) the category parameter in calendar_search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29255" + }, + { + "name": "bosdates-type-category-xss(41020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41020" + }, + { + "name": "28117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28117" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1799.json b/2008/1xxx/CVE-2008-1799.json index d0a3532b9ca..6d032ce6fb6 100644 --- a/2008/1xxx/CVE-2008-1799.json +++ b/2008/1xxx/CVE-2008-1799.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5360", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5360" - }, - { - "name" : "28623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28623" - }, - { - "name" : "sabrosus-thumbnails-file-include(41672)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28623" + }, + { + "name": "sabrosus-thumbnails-file-include(41672)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41672" + }, + { + "name": "5360", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5360" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5467.json b/2008/5xxx/CVE-2008-5467.json index 1468a051cf6..1a9c6ec4cf6 100644 --- a/2008/5xxx/CVE-2008-5467.json +++ b/2008/5xxx/CVE-2008-5467.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5467", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5467", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5509.json b/2008/5xxx/CVE-2008-5509.json index 7f7d9401848..a08c5ed1782 100644 --- a/2008/5xxx/CVE-2008-5509.json +++ b/2008/5xxx/CVE-2008-5509.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5509", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5509", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5844.json b/2008/5xxx/CVE-2008-5844.json index ef13bd31273..5cedd8efc7b 100644 --- a/2008/5xxx/CVE-2008-5844.json +++ b/2008/5xxx/CVE-2008-5844.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.php.net/bug.php?id=42718", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=42718" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php#5.2.8", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php#5.2.8" - }, - { - "name" : "http://www.php.net/archive/2008.php#id2008-12-07-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2008.php#id2008-12-07-1" - }, - { - "name" : "http://www.php.net/archive/2008.php#id2008-12-08-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2008.php#id2008-12-08-1" - }, - { - "name" : "http://bugs.php.net/bug.php?id=46759", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=46759" - }, - { - "name" : "32673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32673" - }, - { - "name" : "1021393", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/archive/2008.php#id2008-12-08-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2008.php#id2008-12-08-1" + }, + { + "name": "http://www.php.net/archive/2008.php#id2008-12-07-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2008.php#id2008-12-07-1" + }, + { + "name": "1021393", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021393" + }, + { + "name": "32673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32673" + }, + { + "name": "http://www.php.net/ChangeLog-5.php#5.2.8", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php#5.2.8" + }, + { + "name": "http://bugs.php.net/bug.php?id=46759", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=46759" + }, + { + "name": "http://bugs.php.net/bug.php?id=42718", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=42718" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0527.json b/2013/0xxx/CVE-2013-0527.json index c6fd088027a..41f9ad38d76 100644 --- a/2013/0xxx/CVE-2013-0527.json +++ b/2013/0xxx/CVE-2013-0527.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640356", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640356" - }, - { - "name" : "IC90479", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479" - }, - { - "name" : "sterling-cve20130527-info-disclosure(82609)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356" + }, + { + "name": "IC90479", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479" + }, + { + "name": "sterling-cve20130527-info-disclosure(82609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82609" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0828.json b/2013/0xxx/CVE-2013-0828.json index b3e69b5809c..e3bcb40a072 100644 --- a/2013/0xxx/CVE-2013-0828.json +++ b/2013/0xxx/CVE-2013-0828.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=162153", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=162153" - }, - { - "name" : "oval:org.mitre.oval:def:16272", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16272", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16272" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=162153", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=162153" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3040.json b/2013/3xxx/CVE-2013-3040.json index 060379a5eba..f0d1dc9467b 100644 --- a/2013/3xxx/CVE-2013-3040.json +++ b/2013/3xxx/CVE-2013-3040.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21646136", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21646136" - }, - { - "name" : "61755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61755" - }, - { - "name" : "infosphere-cve20133040-info-disclosure(84765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21646136", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646136" + }, + { + "name": "61755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61755" + }, + { + "name": "infosphere-cve20133040-info-disclosure(84765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84765" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3111.json b/2013/3xxx/CVE-2013-3111.json index c52ae05e4d0..38ec89d516f 100644 --- a/2013/3xxx/CVE-2013-3111.json +++ b/2013/3xxx/CVE-2013-3111.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3123." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40907", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40907/" - }, - { - "name" : "http://blog.skylined.nl/20161212001.html", - "refsource" : "MISC", - "url" : "http://blog.skylined.nl/20161212001.html" - }, - { - "name" : "http://packetstormsecurity.com/files/140124/Microsoft-Internet-Explorer-9-IEFRAME-CSelectionInteractButtonBehavior-_UpdateButtonLocation-Use-After-Free.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140124/Microsoft-Internet-Explorer-9-IEFRAME-CSelectionInteractButtonBehavior-_UpdateButtonLocation-Use-After-Free.html" - }, - { - "name" : "MS13-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047" - }, - { - "name" : "TA13-168A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A" - }, - { - "name" : "oval:org.mitre.oval:def:16708", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3123." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40907", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40907/" + }, + { + "name": "TA13-168A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A" + }, + { + "name": "MS13-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047" + }, + { + "name": "http://blog.skylined.nl/20161212001.html", + "refsource": "MISC", + "url": "http://blog.skylined.nl/20161212001.html" + }, + { + "name": "oval:org.mitre.oval:def:16708", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16708" + }, + { + "name": "http://packetstormsecurity.com/files/140124/Microsoft-Internet-Explorer-9-IEFRAME-CSelectionInteractButtonBehavior-_UpdateButtonLocation-Use-After-Free.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140124/Microsoft-Internet-Explorer-9-IEFRAME-CSelectionInteractButtonBehavior-_UpdateButtonLocation-Use-After-Free.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3720.json b/2013/3xxx/CVE-2013-3720.json index 36708f4115e..08e919cd32b 100644 --- a/2013/3xxx/CVE-2013-3720.json +++ b/2013/3xxx/CVE-2013-3720.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.darksecurity.de/advisories/2013/SSCHADV2013-004.txt", - "refsource" : "MISC", - "url" : "http://www.darksecurity.de/advisories/2013/SSCHADV2013-004.txt" - }, - { - "name" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Ffeedweb&old=689612&new_path=%2Ffeedweb&new=689612", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Ffeedweb&old=689612&new_path=%2Ffeedweb&new=689612" - }, - { - "name" : "http://wordpress.org/extend/plugins/feedweb/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/feedweb/changelog/" - }, - { - "name" : "52855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.darksecurity.de/advisories/2013/SSCHADV2013-004.txt", + "refsource": "MISC", + "url": "http://www.darksecurity.de/advisories/2013/SSCHADV2013-004.txt" + }, + { + "name": "52855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52855" + }, + { + "name": "http://wordpress.org/extend/plugins/feedweb/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/feedweb/changelog/" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Ffeedweb&old=689612&new_path=%2Ffeedweb&new=689612", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Ffeedweb&old=689612&new_path=%2Ffeedweb&new=689612" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4188.json b/2013/4xxx/CVE-2013-4188.json index fd18d049dcf..640c9d1d78f 100644 --- a/2013/4xxx/CVE-2013-4188.json +++ b/2013/4xxx/CVE-2013-4188.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to \"retrieving information for certain resources.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q3/261" - }, - { - "name" : "http://plone.org/products/plone-hotfix/releases/20130618", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone-hotfix/releases/20130618" - }, - { - "name" : "http://plone.org/products/plone/security/advisories/20130618-announcement", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone/security/advisories/20130618-announcement" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=978449", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=978449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to \"retrieving information for certain resources.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://plone.org/products/plone/security/advisories/20130618-announcement", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" + }, + { + "name": "http://plone.org/products/plone-hotfix/releases/20130618", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone-hotfix/releases/20130618" + }, + { + "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q3/261" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=978449", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978449" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4190.json b/2013/4xxx/CVE-2013-4190.json index 52843b9ca67..7a0b8cbbe81 100644 --- a/2013/4xxx/CVE-2013-4190.json +++ b/2013/4xxx/CVE-2013-4190.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q3/261" - }, - { - "name" : "http://plone.org/products/plone-hotfix/releases/20130618", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone-hotfix/releases/20130618" - }, - { - "name" : "http://plone.org/products/plone/security/advisories/20130618-announcement", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone/security/advisories/20130618-announcement" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=978451", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=978451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=978451", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978451" + }, + { + "name": "http://plone.org/products/plone/security/advisories/20130618-announcement", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" + }, + { + "name": "http://plone.org/products/plone-hotfix/releases/20130618", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone-hotfix/releases/20130618" + }, + { + "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q3/261" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4228.json b/2013/4xxx/CVE-2013-4228.json index 37ccc7d4a9c..e562618dc59 100644 --- a/2013/4xxx/CVE-2013-4228.json +++ b/2013/4xxx/CVE-2013-4228.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4228", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4228", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4231.json b/2013/4xxx/CVE-2013-4231.json index 9494b2f5e82..54dccad5d1f 100644 --- a/2013/4xxx/CVE-2013-4231.json +++ b/2013/4xxx/CVE-2013-4231.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/08/10/2" - }, - { - "name" : "[tiff] 20130801 Vulnerabilities in libtiff 4.0.3", - "refsource" : "MLIST", - "url" : "http://www.asmail.be/msg0055359936.html" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2450", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2450" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=995965", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=995965" - }, - { - "name" : "DSA-2744", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2744" - }, - { - "name" : "RHSA-2014:0223", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0223.html" - }, - { - "name" : "61695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61695" - }, - { - "name" : "54543", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54543" - }, - { - "name" : "54628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2450", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2450" + }, + { + "name": "RHSA-2014:0223", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html" + }, + { + "name": "DSA-2744", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2744" + }, + { + "name": "54543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54543" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=995965", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995965" + }, + { + "name": "[tiff] 20130801 Vulnerabilities in libtiff 4.0.3", + "refsource": "MLIST", + "url": "http://www.asmail.be/msg0055359936.html" + }, + { + "name": "54628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54628" + }, + { + "name": "[oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/08/10/2" + }, + { + "name": "61695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61695" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4457.json b/2013/4xxx/CVE-2013-4457.json index a1aade399cb..30dcf698a63 100644 --- a/2013/4xxx/CVE-2013-4457.json +++ b/2013/4xxx/CVE-2013-4457.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131022 Recursive Interpolation Vulnerability in Cocaine rubygem (CVE-2013-4457)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/22/10" - }, - { - "name" : "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md" - }, - { - "name" : "98835", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98835" - }, - { - "name" : "55365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md", + "refsource": "CONFIRM", + "url": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md" + }, + { + "name": "98835", + "refsource": "OSVDB", + "url": "http://osvdb.org/98835" + }, + { + "name": "[oss-security] 20131022 Recursive Interpolation Vulnerability in Cocaine rubygem (CVE-2013-4457)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/22/10" + }, + { + "name": "55365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55365" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4742.json b/2013/4xxx/CVE-2013-4742.json index 3e61c58a8e7..134fa8b6c5a 100644 --- a/2013/4xxx/CVE-2013-4742.json +++ b/2013/4xxx/CVE-2013-4742.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130722 SurgeFtp Server BufferOverflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html" - }, - { - "name" : "61403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61403" - }, - { - "name" : "95582", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95582" - }, - { - "name" : "54188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54188" - }, - { - "name" : "surgeftp-cve20134742-vfprint-bo(85922)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54188" + }, + { + "name": "surgeftp-cve20134742-vfprint-bo(85922)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922" + }, + { + "name": "95582", + "refsource": "OSVDB", + "url": "http://osvdb.org/95582" + }, + { + "name": "61403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61403" + }, + { + "name": "20130722 SurgeFtp Server BufferOverflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7344.json b/2013/7xxx/CVE-2013-7344.json index cd8ec6b87d5..a1f2233ef7a 100644 --- a/2013/7xxx/CVE-2013-7344.json +++ b/2013/7xxx/CVE-2013-7344.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-006/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-006/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7357.json b/2013/7xxx/CVE-2013-7357.json index 4a5ddffe2dc..502c77aa7ed 100644 --- a/2013/7xxx/CVE-2013-7357.json +++ b/2013/7xxx/CVE-2013-7357.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-010", - "refsource" : "MISC", - "url" : "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-010" - }, - { - "name" : "http://www.onapsis.com/research-advisories.php", - "refsource" : "MISC", - "url" : "http://www.onapsis.com/research-advisories.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-010", + "refsource": "MISC", + "url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2013-010" + }, + { + "name": "http://www.onapsis.com/research-advisories.php", + "refsource": "MISC", + "url": "http://www.onapsis.com/research-advisories.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10777.json b/2017/10xxx/CVE-2017-10777.json index 949aa5bac7e..9835225c03b 100644 --- a/2017/10xxx/CVE-2017-10777.json +++ b/2017/10xxx/CVE-2017-10777.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12351.json b/2017/12xxx/CVE-2017-12351.json index ebd25b842b4..f864843280a 100644 --- a/2017/12xxx/CVE-2017-12351.json +++ b/2017/12xxx/CVE-2017-12351.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco NX-OS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco NX-OS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka \"Unauthorized Internal Interface Access.\" This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco NX-OS", + "version": { + "version_data": [ + { + "version_value": "Cisco NX-OS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10" - }, - { - "name" : "102019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102019" - }, - { - "name" : "1039932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka \"Unauthorized Internal Interface Access.\" This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102019" + }, + { + "name": "1039932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039932" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12535.json b/2017/12xxx/CVE-2017-12535.json index 1952e214d0b..309b59ec8c6 100644 --- a/2017/12xxx/CVE-2017-12535.json +++ b/2017/12xxx/CVE-2017-12535.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12819.json b/2017/12xxx/CVE-2017-12819.json index 2eb40e935c5..f7e4d9550a3 100644 --- a/2017/12xxx/CVE-2017-12819.json +++ b/2017/12xxx/CVE-2017-12819.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-12819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE", - "version" : { - "version_data" : [ - { - "version_value" : "7.55" - } - ] - } - } - ] - }, - "vendor_name" : "Gemalto" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote manipulations with language pack updater lead to NTLM-relay attack for system user" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-12819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE", + "version": { + "version_data": [ + { + "version_value": "7.55" + } + ] + } + } + ] + }, + "vendor_name": "Gemalto" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-005-sentinel-ldk-rte-remote-manipulations-with-language-pack-updater-lead-to-ntlm-relay-attack-for-system-user/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-005-sentinel-ldk-rte-remote-manipulations-with-language-pack-updater-lead-to-ntlm-relay-attack-for-system-user/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote manipulations with language pack updater lead to NTLM-relay attack for system user" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf" + }, + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-005-sentinel-ldk-rte-remote-manipulations-with-language-pack-updater-lead-to-ntlm-relay-attack-for-system-user/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-005-sentinel-ldk-rte-remote-manipulations-with-language-pack-updater-lead-to-ntlm-relay-attack-for-system-user/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12872.json b/2017/12xxx/CVE-2017-12872.json index 4d84c58d5ee..59a5bbd547f 100644 --- a/2017/12xxx/CVE-2017-12872.json +++ b/2017/12xxx/CVE-2017-12872.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html" - }, - { - "name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1408-1] simplesamlphp security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00017.html" - }, - { - "name" : "https://simplesamlphp.org/security/201703-01", - "refsource" : "CONFIRM", - "url" : "https://simplesamlphp.org/security/201703-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://simplesamlphp.org/security/201703-01", + "refsource": "CONFIRM", + "url": "https://simplesamlphp.org/security/201703-01" + }, + { + "name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html" + }, + { + "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1408-1] simplesamlphp security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00017.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13270.json b/2017/13xxx/CVE-2017-13270.json index 16c177a67bf..dc19401df19 100644 --- a/2017/13xxx/CVE-2017-13270.json +++ b/2017/13xxx/CVE-2017-13270.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-13270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-13270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13498.json b/2017/13xxx/CVE-2017-13498.json index b2bd44f485f..7d9525bdc51 100644 --- a/2017/13xxx/CVE-2017-13498.json +++ b/2017/13xxx/CVE-2017-13498.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13498", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13498", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13583.json b/2017/13xxx/CVE-2017-13583.json index bb2051cd8b6..2f8925ce2cf 100644 --- a/2017/13xxx/CVE-2017-13583.json +++ b/2017/13xxx/CVE-2017-13583.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13583", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13583", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16462.json b/2017/16xxx/CVE-2017-16462.json index 13b4f0ce5ac..0d4ce358194 100644 --- a/2017/16xxx/CVE-2017-16462.json +++ b/2017/16xxx/CVE-2017-16462.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16462", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16462", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16843.json b/2017/16xxx/CVE-2017-16843.json index 76ca56a9021..fb1921487a0 100644 --- a/2017/16xxx/CVE-2017-16843.json +++ b/2017/16xxx/CVE-2017-16843.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43150", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43150/" - }, - { - "name" : "https://gh0s7.net/vonage/", - "refsource" : "MISC", - "url" : "https://gh0s7.net/vonage/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43150", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43150/" + }, + { + "name": "https://gh0s7.net/vonage/", + "refsource": "MISC", + "url": "https://gh0s7.net/vonage/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17110.json b/2017/17xxx/CVE-2017-17110.json index cf62ff1e649..31a30369b40 100644 --- a/2017/17xxx/CVE-2017-17110.json +++ b/2017/17xxx/CVE-2017-17110.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43211", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43211/" - }, - { - "name" : "http://packetstormsecurity.com/files/145231/Techno-Portfolio-Management-Panel-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145231/Techno-Portfolio-Management-Panel-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43211", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43211/" + }, + { + "name": "http://packetstormsecurity.com/files/145231/Techno-Portfolio-Management-Panel-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145231/Techno-Portfolio-Management-Panel-1.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17290.json b/2017/17xxx/CVE-2017-17290.json index 3279acd57f1..7cf9ac57bab 100644 --- a/2017/17xxx/CVE-2017-17290.json +++ b/2017/17xxx/CVE-2017-17290.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TE60,ViewPoint 9030", - "version" : { - "version_data" : [ - { - "version_value" : "TE60 V600R006C00, ViewPoint 9030 V100R011C02, V100R011C03" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection resource, a successful exploit may cause the connection resource exhausted of the LDAP client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "resource management errors" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TE60,ViewPoint 9030", + "version": { + "version_data": [ + { + "version_value": "TE60 V600R006C00, ViewPoint 9030 V100R011C02, V100R011C03" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ldap-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ldap-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection resource, a successful exploit may cause the connection resource exhausted of the LDAP client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "resource management errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ldap-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ldap-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17650.json b/2017/17xxx/CVE-2017-17650.json index 6753a85a2aa..e39ce194728 100644 --- a/2017/17xxx/CVE-2017-17650.json +++ b/2017/17xxx/CVE-2017-17650.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17650", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17650", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18302.json b/2018/18xxx/CVE-2018-18302.json index dda0ffb5b8d..0d2af3d6b89 100644 --- a/2018/18xxx/CVE-2018-18302.json +++ b/2018/18xxx/CVE-2018-18302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18302", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18302", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18464.json b/2018/18xxx/CVE-2018-18464.json index 3c8ea8c9e79..a6c128785b4 100644 --- a/2018/18xxx/CVE-2018-18464.json +++ b/2018/18xxx/CVE-2018-18464.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18464", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18464", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18505.json b/2018/18xxx/CVE-2018-18505.json index b07ee701cb9..be365a1bf60 100644 --- a/2018/18xxx/CVE-2018-18505.json +++ b/2018/18xxx/CVE-2018-18505.json @@ -1,160 +1,160 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-18505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.5" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.5" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "65" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation through IPC channel messages" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-18505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.5" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.5" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "65" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190130 [SECURITY] [DLA 1648-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html" - }, - { - "name" : "[debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1087565", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1087565" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2019-01/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2019-01/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2019-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2019-02/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2019-03/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2019-03/" - }, - { - "name" : "DSA-4376", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4376" - }, - { - "name" : "DSA-4392", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4392" - }, - { - "name" : "GLSA-201903-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-04" - }, - { - "name" : "RHSA-2019:0218", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0218" - }, - { - "name" : "RHSA-2019:0219", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0219" - }, - { - "name" : "RHSA-2019:0269", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0269" - }, - { - "name" : "RHSA-2019:0270", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0270" - }, - { - "name" : "USN-3874-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3874-1/" - }, - { - "name" : "USN-3897-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3897-1/" - }, - { - "name" : "106781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation through IPC channel messages" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0219", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0219" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2019-01/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-01/" + }, + { + "name": "USN-3897-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3897-1/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1087565", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1087565" + }, + { + "name": "106781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106781" + }, + { + "name": "GLSA-201903-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-04" + }, + { + "name": "USN-3874-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3874-1/" + }, + { + "name": "RHSA-2019:0269", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0269" + }, + { + "name": "RHSA-2019:0218", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0218" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2019-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-02/" + }, + { + "name": "DSA-4376", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4376" + }, + { + "name": "[debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html" + }, + { + "name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1648-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2019-03/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-03/" + }, + { + "name": "DSA-4392", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4392" + }, + { + "name": "RHSA-2019:0270", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0270" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18536.json b/2018/18xxx/CVE-2018-18536.json index 080a06e0102..a72c5de6e19 100644 --- a/2018/18xxx/CVE-2018-18536.json +++ b/2018/18xxx/CVE-2018-18536.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181221 [CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/34" - }, - { - "name" : "http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html" - }, - { - "name" : "https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities" - }, - { - "name" : "106250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106250" + }, + { + "name": "http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html" + }, + { + "name": "https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities", + "refsource": "MISC", + "url": "https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities" + }, + { + "name": "20181221 [CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/34" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18781.json b/2018/18xxx/CVE-2018-18781.json index 288e8b77254..3dd43dcebff 100644 --- a/2018/18xxx/CVE-2018-18781.json +++ b/2018/18xxx/CVE-2018-18781.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ky-j/dedecms/issues/9", - "refsource" : "MISC", - "url" : "https://github.com/ky-j/dedecms/issues/9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ky-j/dedecms/issues/9", + "refsource": "MISC", + "url": "https://github.com/ky-j/dedecms/issues/9" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19074.json b/2018/19xxx/CVE-2018-19074.json index 8c152f370aa..5651ef8015f 100644 --- a/2018/19xxx/CVE-2018-19074.json +++ b/2018/19xxx/CVE-2018-19074.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", - "refsource" : "MISC", - "url" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", + "refsource": "MISC", + "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19093.json b/2018/19xxx/CVE-2018-19093.json index 5c156355f6f..744be9e3c5f 100644 --- a/2018/19xxx/CVE-2018-19093.json +++ b/2018/19xxx/CVE-2018-19093.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-controlobjectclient_setcommandterminationhandler", - "refsource" : "MISC", - "url" : "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-controlobjectclient_setcommandterminationhandler" - }, - { - "name" : "https://github.com/mz-automation/libiec61850/issues/84", - "refsource" : "MISC", - "url" : "https://github.com/mz-automation/libiec61850/issues/84" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mz-automation/libiec61850/issues/84", + "refsource": "MISC", + "url": "https://github.com/mz-automation/libiec61850/issues/84" + }, + { + "name": "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-controlobjectclient_setcommandterminationhandler", + "refsource": "MISC", + "url": "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-controlobjectclient_setcommandterminationhandler" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1220.json b/2018/1xxx/CVE-2018-1220.json index 31a18307618..4d23476fb8c 100644 --- a/2018/1xxx/CVE-2018-1220.json +++ b/2018/1xxx/CVE-2018-1220.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2018-1220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC RSA Archer GRC Platform RSA Archer versions prior to 6.2.0.8", - "version" : { - "version_data" : [ - { - "version_value" : "EMC RSA Archer GRC Platform RSA Archer versions prior to 6.2.0.8" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "URL Redirection to Untrusted Site" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2018-1220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC RSA Archer GRC Platform RSA Archer versions prior to 6.2.0.8", + "version": { + "version_data": [ + { + "version_value": "EMC RSA Archer GRC Platform RSA Archer versions prior to 6.2.0.8" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2018/Mar/12", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2018/Mar/12" - }, - { - "name" : "103319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103319" - }, - { - "name" : "1040457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Redirection to Untrusted Site" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2018/Mar/12", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2018/Mar/12" + }, + { + "name": "103319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103319" + }, + { + "name": "1040457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040457" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1737.json b/2018/1xxx/CVE-2018-1737.json index 2f746f7bf04..3b4daf82501 100644 --- a/2018/1xxx/CVE-2018-1737.json +++ b/2018/1xxx/CVE-2018-1737.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1737", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1737", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1988.json b/2018/1xxx/CVE-2018-1988.json index 41b5a19bf86..01979c83794 100644 --- a/2018/1xxx/CVE-2018-1988.json +++ b/2018/1xxx/CVE-2018-1988.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1988", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1988", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5193.json b/2018/5xxx/CVE-2018-5193.json index d2aae791301..ae868218ef4 100644 --- a/2018/5xxx/CVE-2018-5193.json +++ b/2018/5xxx/CVE-2018-5193.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5193", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5193", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5612.json b/2018/5xxx/CVE-2018-5612.json index 2c025baa35c..c4df71e93ec 100644 --- a/2018/5xxx/CVE-2018-5612.json +++ b/2018/5xxx/CVE-2018-5612.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5612", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5612", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5871.json b/2018/5xxx/CVE-2018-5871.json index 8147e6d5dc5..f548f2d2616 100644 --- a/2018/5xxx/CVE-2018-5871.json +++ b/2018/5xxx/CVE-2018-5871.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-5871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cryptographic Issues in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-5871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptographic Issues in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components" + }, + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file