diff --git a/2008/0xxx/CVE-2008-0059.json b/2008/0xxx/CVE-2008-0059.json index 6230228e45d..62888560422 100644 --- a/2008/0xxx/CVE-2008-0059.json +++ b/2008/0xxx/CVE-2008-0059.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to \"error handling logic.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "TA08-079A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" - }, - { - "name" : "28304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28304" - }, - { - "name" : "28367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28367" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1019650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019650" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "macos-foundation-code-execution(41296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to \"error handling logic.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28304" + }, + { + "name": "1019650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019650" + }, + { + "name": "TA08-079A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "macos-foundation-code-execution(41296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41296" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "28367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28367" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0475.json b/2008/0xxx/CVE-2008-0475.json index 4a3e1a23f59..c5af6f9cac7 100644 --- a/2008/0xxx/CVE-2008-0475.json +++ b/2008/0xxx/CVE-2008-0475.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the \"/-\" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27443" - }, - { - "name" : "28332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28332" - }, - { - "name" : "manageengine-home-information-disclosure(39917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the \"/-\" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27443" + }, + { + "name": "28332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28332" + }, + { + "name": "manageengine-home-information-disclosure(39917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39917" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0715.json b/2008/0xxx/CVE-2008-0715.json index 8999cc95121..4411b475370 100644 --- a/2008/0xxx/CVE-2008-0715.json +++ b/2008/0xxx/CVE-2008-0715.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user-assisted remote attackers to execute arbitrary code via a malformed XBM file. NOTE: this might be the same as CVE-2007-6009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+AcdSee+Photo+Manager", - "refsource" : "MISC", - "url" : "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+AcdSee+Photo+Manager" - }, - { - "name" : "ADV-2008-0443", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0443" - }, - { - "name" : "28797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user-assisted remote attackers to execute arbitrary code via a malformed XBM file. NOTE: this might be the same as CVE-2007-6009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0443", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0443" + }, + { + "name": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+AcdSee+Photo+Manager", + "refsource": "MISC", + "url": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+AcdSee+Photo+Manager" + }, + { + "name": "28797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28797" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0763.json b/2008/0xxx/CVE-2008-0763.json index ffb4e6bc770..6dde8ac5182 100644 --- a/2008/0xxx/CVE-2008-0763.json +++ b/2008/0xxx/CVE-2008-0763.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080211 Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487956/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/lstnpsx-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/lstnpsx-adv.txt" - }, - { - "name" : "27732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27732" - }, - { - "name" : "ADV-2008-0500", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0500" - }, - { - "name" : "28890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28890" - }, - { - "name" : "networkprintserver-npspcsvr-bo(40421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080211 Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487956/100/0/threaded" + }, + { + "name": "28890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28890" + }, + { + "name": "27732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27732" + }, + { + "name": "networkprintserver-npspcsvr-bo(40421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40421" + }, + { + "name": "http://aluigi.altervista.org/adv/lstnpsx-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/lstnpsx-adv.txt" + }, + { + "name": "ADV-2008-0500", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0500" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1094.json b/2008/1xxx/CVE-2008-1094.json index 9b5eda0bc27..49831852b1d 100644 --- a/2008/1xxx/CVE-2008-1094.json +++ b/2008/1xxx/CVE-2008-1094.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081216 CVE-2008-1094 - Barracuda Span Firewall SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499293/100/0/threaded" - }, - { - "name" : "7496", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7496" - }, - { - "name" : "http://dcsl.ul.ie/advisories/02.htm", - "refsource" : "MISC", - "url" : "http://dcsl.ul.ie/advisories/02.htm" - }, - { - "name" : "http://www.barracudanetworks.com/ns/support/tech_alert.php", - "refsource" : "CONFIRM", - "url" : "http://www.barracudanetworks.com/ns/support/tech_alert.php" - }, - { - "name" : "1021455", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021455" - }, - { - "name" : "33164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33164" - }, - { - "name" : "4793", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7496", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7496" + }, + { + "name": "33164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33164" + }, + { + "name": "20081216 CVE-2008-1094 - Barracuda Span Firewall SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded" + }, + { + "name": "http://www.barracudanetworks.com/ns/support/tech_alert.php", + "refsource": "CONFIRM", + "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php" + }, + { + "name": "4793", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4793" + }, + { + "name": "http://dcsl.ul.ie/advisories/02.htm", + "refsource": "MISC", + "url": "http://dcsl.ul.ie/advisories/02.htm" + }, + { + "name": "1021455", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021455" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1420.json b/2008/1xxx/CVE-2008-1420.json index 619b2c70753..3e7edde34eb 100644 --- a/2008/1xxx/CVE-2008-1420.json +++ b/2008/1xxx/CVE-2008-1420.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=440706", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=440706" - }, - { - "name" : "DSA-1591", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1591" - }, - { - "name" : "FEDORA-2008-3898", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html" - }, - { - "name" : "FEDORA-2008-3910", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html" - }, - { - "name" : "FEDORA-2008-3934", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html" - }, - { - "name" : "GLSA-200806-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200806-09.xml" - }, - { - "name" : "MDVSA-2008:102", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102" - }, - { - "name" : "RHSA-2008:0270", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0270.html" - }, - { - "name" : "RHSA-2008:0271", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0271.html" - }, - { - "name" : "SUSE-SR:2008:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" - }, - { - "name" : "USN-682-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-682-1" - }, - { - "name" : "USN-825-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/825-1/" - }, - { - "name" : "29206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29206" - }, - { - "name" : "oval:org.mitre.oval:def:9500", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500" - }, - { - "name" : "32946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32946" - }, - { - "name" : "36463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36463" - }, - { - "name" : "ADV-2008-1510", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1510/references" - }, - { - "name" : "1020029", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020029" - }, - { - "name" : "30234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30234" - }, - { - "name" : "30237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30237" - }, - { - "name" : "30247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30247" - }, - { - "name" : "30259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30259" - }, - { - "name" : "30479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30479" - }, - { - "name" : "30581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30581" - }, - { - "name" : "30820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30820" - }, - { - "name" : "libvorbis-residue-bo(42402)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-825-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/825-1/" + }, + { + "name": "30234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30234" + }, + { + "name": "RHSA-2008:0270", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=440706", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440706" + }, + { + "name": "SUSE-SR:2008:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" + }, + { + "name": "DSA-1591", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1591" + }, + { + "name": "FEDORA-2008-3910", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html" + }, + { + "name": "FEDORA-2008-3898", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html" + }, + { + "name": "RHSA-2008:0271", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html" + }, + { + "name": "1020029", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020029" + }, + { + "name": "USN-682-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-682-1" + }, + { + "name": "30237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30237" + }, + { + "name": "GLSA-200806-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml" + }, + { + "name": "30479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30479" + }, + { + "name": "36463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36463" + }, + { + "name": "29206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29206" + }, + { + "name": "30259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30259" + }, + { + "name": "ADV-2008-1510", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1510/references" + }, + { + "name": "oval:org.mitre.oval:def:9500", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500" + }, + { + "name": "30247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30247" + }, + { + "name": "30820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30820" + }, + { + "name": "FEDORA-2008-3934", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html" + }, + { + "name": "MDVSA-2008:102", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102" + }, + { + "name": "32946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32946" + }, + { + "name": "30581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30581" + }, + { + "name": "libvorbis-residue-bo(42402)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42402" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3109.json b/2008/3xxx/CVE-2008-3109.json index 075f1174120..1f47955c7c0 100644 --- a/2008/3xxx/CVE-2008-3109.json +++ b/2008/3xxx/CVE-2008-3109.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=122331139823057&w=2" - }, - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497041/100/0/threaded" - }, - { - "name" : "http://support.apple.com/kb/HT3179", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3179" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" - }, - { - "name" : "APPLE-SA-2008-09-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "RHSA-2008:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0594.html" - }, - { - "name" : "RHSA-2008:1045", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1045.html" - }, - { - "name" : "RHSA-2008:0906", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0906.html" - }, - { - "name" : "238687", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1" - }, - { - "name" : "SUSE-SA:2008:042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" - }, - { - "name" : "TA08-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" - }, - { - "name" : "30144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30144" - }, - { - "name" : "oval:org.mitre.oval:def:8540", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8540" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "ADV-2008-2056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2056/references" - }, - { - "name" : "ADV-2008-2740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2740" - }, - { - "name" : "1020456", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020456" - }, - { - "name" : "31010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31010" - }, - { - "name" : "31600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31600" - }, - { - "name" : "32018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32018" - }, - { - "name" : "32180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32180" - }, - { - "name" : "32179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32179" - }, - { - "name" : "32436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32436" - }, - { - "name" : "33238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33238" - }, - { - "name" : "sun-jre-scripting-unauth-access(43660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=122331139823057&w=2" + }, + { + "name": "32436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32436" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" + }, + { + "name": "31600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31600" + }, + { + "name": "SUSE-SA:2008:042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" + }, + { + "name": "32018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32018" + }, + { + "name": "sun-jre-scripting-unauth-access(43660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43660" + }, + { + "name": "238687", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "32179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32179" + }, + { + "name": "ADV-2008-2740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2740" + }, + { + "name": "30144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30144" + }, + { + "name": "APPLE-SA-2008-09-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html" + }, + { + "name": "ADV-2008-2056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2056/references" + }, + { + "name": "32180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32180" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" + }, + { + "name": "oval:org.mitre.oval:def:8540", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8540" + }, + { + "name": "RHSA-2008:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" + }, + { + "name": "RHSA-2008:1045", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" + }, + { + "name": "33238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33238" + }, + { + "name": "1020456", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020456" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" + }, + { + "name": "RHSA-2008:0906", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" + }, + { + "name": "TA08-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "http://support.apple.com/kb/HT3179", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3179" + }, + { + "name": "31010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31010" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3384.json b/2008/3xxx/CVE-2008-3384.json index 409ae92b9e0..cebb1d7e076 100644 --- a/2008/3xxx/CVE-2008-3384.json +++ b/2008/3xxx/CVE-2008-3384.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080721 [DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494582/100/0/threaded" - }, - { - "name" : "6107", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6107" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?thread_id=2104908&forum_id=237160", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?thread_id=2104908&forum_id=237160" - }, - { - "name" : "30315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30315" - }, - { - "name" : "ADV-2008-2155", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2155/references" - }, - { - "name" : "31150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31150" - }, - { - "name" : "4073", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4073" - }, - { - "name" : "interact-help-file-include(43937)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "interact-help-file-include(43937)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43937" + }, + { + "name": "20080721 [DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494582/100/0/threaded" + }, + { + "name": "6107", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6107" + }, + { + "name": "30315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30315" + }, + { + "name": "ADV-2008-2155", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2155/references" + }, + { + "name": "4073", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4073" + }, + { + "name": "http://sourceforge.net/forum/forum.php?thread_id=2104908&forum_id=237160", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?thread_id=2104908&forum_id=237160" + }, + { + "name": "31150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31150" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3593.json b/2008/3xxx/CVE-2008-3593.json index 052bb5218df..1ee77210e9e 100644 --- a/2008/3xxx/CVE-2008-3593.json +++ b/2008/3xxx/CVE-2008-3593.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6200", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6200" - }, - { - "name" : "30530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30530" - }, - { - "name" : "4138", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4138" - }, - { - "name" : "syzygycms-index-file-include(44157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "syzygycms-index-file-include(44157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44157" + }, + { + "name": "6200", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6200" + }, + { + "name": "30530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30530" + }, + { + "name": "4138", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4138" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4017.json b/2008/4xxx/CVE-2008-4017.json index c54a6c9efd8..b122dfef924 100644 --- a/2008/4xxx/CVE-2008-4017.json +++ b/2008/4xxx/CVE-2008-4017.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-4017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "1021572", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021572" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "1021572", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021572" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4023.json b/2008/4xxx/CVE-2008-4023.json index 19d662dd65a..e7f6a945819 100644 --- a/2008/4xxx/CVE-2008-4023.json +++ b/2008/4xxx/CVE-2008-4023.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka \"Active Directory Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-4023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02379", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "SSRT080143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "MS08-060", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-060" - }, - { - "name" : "TA08-288A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" - }, - { - "name" : "31609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31609" - }, - { - "name" : "oval:org.mitre.oval:def:6107", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6107" - }, - { - "name" : "ADV-2008-2811", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2811" - }, - { - "name" : "1021042", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021042" - }, - { - "name" : "32242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32242" - }, - { - "name" : "win-active-directory-ldap-bo(45585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka \"Active Directory Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6107", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6107" + }, + { + "name": "SSRT080143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "31609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31609" + }, + { + "name": "1021042", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021042" + }, + { + "name": "HPSBST02379", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "win-active-directory-ldap-bo(45585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45585" + }, + { + "name": "ADV-2008-2811", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2811" + }, + { + "name": "MS08-060", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-060" + }, + { + "name": "TA08-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" + }, + { + "name": "32242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32242" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4110.json b/2008/4xxx/CVE-2008-4110.json index 01f7c10ff4c..eb981d64ca9 100644 --- a/2008/4xxx/CVE-2008-4110.json +++ b/2008/4xxx/CVE-2008-4110.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\\Binn\\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080911 sqlvdir.dll ActiveX Remote Buffer Overflow Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496232/100/0/threaded" - }, - { - "name" : "31129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31129" - }, - { - "name" : "4262", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4262" - }, - { - "name" : "mssql-sqlvdir-bo(45186)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\\Binn\\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080911 sqlvdir.dll ActiveX Remote Buffer Overflow Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496232/100/0/threaded" + }, + { + "name": "mssql-sqlvdir-bo(45186)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45186" + }, + { + "name": "4262", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4262" + }, + { + "name": "31129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31129" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4677.json b/2008/4xxx/CVE-2008-4677.json index 970d1fdfae3..c9e9a477184 100644 --- a/2008/4xxx/CVE-2008-4677.json +++ b/2008/4xxx/CVE-2008-4677.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating \"I'm assuming that they're using the same id and password on that unchanged hostname, deliberately.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080812 Re: Vim: Netrw: FTP User Name and Password Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495432" - }, - { - "name" : "20080812 Vim: Netrw: FTP User Name and Password Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495436" - }, - { - "name" : "[oss-security] 20081006 CVE request - (vim : netrw plugin - ftp user credentials disclosure)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/06/4" - }, - { - "name" : "[oss-security] 20081016 CVE request - Vim netrw.plugin", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/16/2" - }, - { - "name" : "[oss-security] 20081020 CVE request (vim)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/20/2" - }, - { - "name" : "[vim_dev] 20080817 Re: Anyone fixing SA31464?", - "refsource" : "MLIST", - "url" : "http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6" - }, - { - "name" : "http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html", - "refsource" : "MISC", - "url" : "http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=461750", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=461750" - }, - { - "name" : "MDVSA-2008:236", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "30670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30670" - }, - { - "name" : "31464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31464" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - }, - { - "name" : "ADV-2008-2379", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2379" - }, - { - "name" : "vim-netrw-ftp-information-disclosure(44419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating \"I'm assuming that they're using the same id and password on that unchanged hostname, deliberately.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30670" + }, + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "31464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31464" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=461750", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461750" + }, + { + "name": "[vim_dev] 20080817 Re: Anyone fixing SA31464?", + "refsource": "MLIST", + "url": "http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6" + }, + { + "name": "[oss-security] 20081020 CVE request (vim)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/20/2" + }, + { + "name": "[oss-security] 20081016 CVE request - Vim netrw.plugin", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/16/2" + }, + { + "name": "20080812 Vim: Netrw: FTP User Name and Password Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495436" + }, + { + "name": "ADV-2008-2379", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2379" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "[oss-security] 20081006 CVE request - (vim : netrw plugin - ftp user credentials disclosure)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/06/4" + }, + { + "name": "20080812 Re: Vim: Netrw: FTP User Name and Password Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495432" + }, + { + "name": "MDVSA-2008:236", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236" + }, + { + "name": "http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html", + "refsource": "MISC", + "url": "http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html" + }, + { + "name": "vim-netrw-ftp-information-disclosure(44419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44419" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4718.json b/2008/4xxx/CVE-2008-4718.json index e3f2440553c..9b40786ff3d 100644 --- a/2008/4xxx/CVE-2008-4718.json +++ b/2008/4xxx/CVE-2008-4718.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6592", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6592" - }, - { - "name" : "6607", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6607" - }, - { - "name" : "4499", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4499" - }, - { - "name" : "x7chat-mini-file-include(45495)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6592", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6592" + }, + { + "name": "x7chat-mini-file-include(45495)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45495" + }, + { + "name": "6607", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6607" + }, + { + "name": "4499", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4499" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4862.json b/2008/4xxx/CVE-2008-4862.json index e6d7800ad66..ebe7be39dc0 100644 --- a/2008/4xxx/CVE-2008-4862.json +++ b/2008/4xxx/CVE-2008-4862.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4862", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-4862", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2074.json b/2013/2xxx/CVE-2013-2074.json index d17102beb9d..a43aed421ec 100644 --- a/2013/2xxx/CVE-2013-2074.json +++ b/2013/2xxx/CVE-2013-2074.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an \"internal server error,\" which includes the username and password in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130510 CVE request: password exposure in kdelibs when showing \"internal server error\" messages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/10/4" - }, - { - "name" : "[oss-security] 20130510 Re: CVE request: password exposure in kdelibs when showing \"internal server error\" messages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/11/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776" - }, - { - "name" : "http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/", - "refsource" : "MISC", - "url" : "http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/" - }, - { - "name" : "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp", - "refsource" : "MISC", - "url" : "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp" - }, - { - "name" : "https://bugs.kde.org/show_bug.cgi?id=319428", - "refsource" : "CONFIRM", - "url" : "https://bugs.kde.org/show_bug.cgi?id=319428" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=961981", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=961981" - }, - { - "name" : "USN-1842-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1842-1" - }, - { - "name" : "93244", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/93244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an \"internal server error,\" which includes the username and password in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130510 CVE request: password exposure in kdelibs when showing \"internal server error\" messages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/10/4" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=961981", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961981" + }, + { + "name": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp", + "refsource": "MISC", + "url": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp" + }, + { + "name": "[oss-security] 20130510 Re: CVE request: password exposure in kdelibs when showing \"internal server error\" messages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/11/2" + }, + { + "name": "93244", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/93244" + }, + { + "name": "USN-1842-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1842-1" + }, + { + "name": "http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/", + "refsource": "MISC", + "url": "http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/" + }, + { + "name": "https://bugs.kde.org/show_bug.cgi?id=319428", + "refsource": "CONFIRM", + "url": "https://bugs.kde.org/show_bug.cgi?id=319428" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2215.json b/2013/2xxx/CVE-2013-2215.json index 7c9e1523779..873e0df974d 100644 --- a/2013/2xxx/CVE-2013-2215.json +++ b/2013/2xxx/CVE-2013-2215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2215", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2215", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2454.json b/2013/2xxx/CVE-2013-2454.json index 00c1edafab5..e85a9762169 100644 --- a/2013/2xxx/CVE-2013-2454.json +++ b/2013/2xxx/CVE-2013-2454.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/ec931d812faa", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/ec931d812faa" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975129", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975129" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2013-0185.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2013-0185.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02922", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "SSRT101305", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "MDVSA-2013:183", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1081", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1081.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1293", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "SUSE-SU-2013:1263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60650" - }, - { - "name" : "oval:org.mitre.oval:def:17236", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17236" - }, - { - "name" : "oval:org.mitre.oval:def:19237", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19237" - }, - { - "name" : "oval:org.mitre.oval:def:19407", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19407" - }, - { - "name" : "oval:org.mitre.oval:def:19470", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19470" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975129", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975129" + }, + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "SUSE-SU-2013:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT101305", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "oval:org.mitre.oval:def:19237", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19237" + }, + { + "name": "HPSBUX02922", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "SUSE-SU-2013:1263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" + }, + { + "name": "oval:org.mitre.oval:def:19470", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19470" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/ec931d812faa", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/ec931d812faa" + }, + { + "name": "oval:org.mitre.oval:def:17236", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17236" + }, + { + "name": "60650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60650" + }, + { + "name": "SUSE-SU-2013:1293", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" + }, + { + "name": "RHSA-2013:1081", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "http://advisories.mageia.org/MGASA-2013-0185.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2013-0185.html" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "MDVSA-2013:183", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" + }, + { + "name": "oval:org.mitre.oval:def:19407", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19407" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2762.json b/2013/2xxx/CVE-2013-2762.json index 39048c17e15..45561f8aab7 100644 --- a/2013/2xxx/CVE-2013-2762.json +++ b/2013/2xxx/CVE-2013-2762.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3905.json b/2013/3xxx/CVE-2013-3905.json index 62005f8d5bc..5e294a520c3 100644 --- a/2013/3xxx/CVE-2013-3905.json +++ b/2013/3xxx/CVE-2013-3905.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka \"S/MIME AIA Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-094", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-094" - }, - { - "name" : "TA13-317A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-317A" - }, - { - "name" : "oval:org.mitre.oval:def:19239", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka \"S/MIME AIA Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-094", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-094" + }, + { + "name": "TA13-317A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-317A" + }, + { + "name": "oval:org.mitre.oval:def:19239", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19239" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6182.json b/2013/6xxx/CVE-2013-6182.json index 80dd1391cf6..954bb058510 100644 --- a/2013/6xxx/CVE-2013-6182.json +++ b/2013/6xxx/CVE-2013-6182.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-6182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131224 ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0139.html" - }, - { - "name" : "http://packetstormsecurity.com/files/124584/EMC-Replication-Manager-Unquoted-File-Path-Enumeration.html", - "refsource" : "CONFIRM", - "url" : "http://packetstormsecurity.com/files/124584/EMC-Replication-Manager-Unquoted-File-Path-Enumeration.html" - }, - { - "name" : "64520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64520" - }, - { - "name" : "101430", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101430" - }, - { - "name" : "1029536", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64520" + }, + { + "name": "20131224 ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0139.html" + }, + { + "name": "http://packetstormsecurity.com/files/124584/EMC-Replication-Manager-Unquoted-File-Path-Enumeration.html", + "refsource": "CONFIRM", + "url": "http://packetstormsecurity.com/files/124584/EMC-Replication-Manager-Unquoted-File-Path-Enumeration.html" + }, + { + "name": "1029536", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029536" + }, + { + "name": "101430", + "refsource": "OSVDB", + "url": "http://osvdb.org/101430" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6236.json b/2013/6xxx/CVE-2013-6236.json index 06cbe43ea17..2cbcff9399e 100644 --- a/2013/6xxx/CVE-2013-6236.json +++ b/2013/6xxx/CVE-2013-6236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6236", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6236", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6549.json b/2013/6xxx/CVE-2013-6549.json index 6e764ee6f68..9a4bd958bc5 100644 --- a/2013/6xxx/CVE-2013-6549.json +++ b/2013/6xxx/CVE-2013-6549.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6549", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6549", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6890.json b/2013/6xxx/CVE-2013-6890.json index 59670ff2c4e..b718b5b12c6 100644 --- a/2013/6xxx/CVE-2013-6890.json +++ b/2013/6xxx/CVE-2013-6890.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131222 Re: [SECURITY] [DSA 2826-1] denyhosts security update", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/535" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1045982", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1045982" - }, - { - "name" : "DSA-2826", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2826" - }, - { - "name" : "56239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56239" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1045982", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045982" + }, + { + "name": "[oss-security] 20131222 Re: [SECURITY] [DSA 2826-1] denyhosts security update", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/535" + }, + { + "name": "DSA-2826", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2826" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6947.json b/2013/6xxx/CVE-2013-6947.json index 982facb8068..5f66f9c62c8 100644 --- a/2013/6xxx/CVE-2013-6947.json +++ b/2013/6xxx/CVE-2013-6947.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6947", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6947", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7118.json b/2013/7xxx/CVE-2013-7118.json index d73fe9bcc9d..3b8901bbc99 100644 --- a/2013/7xxx/CVE-2013-7118.json +++ b/2013/7xxx/CVE-2013-7118.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7118", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-7118", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7372.json b/2013/7xxx/CVE-2013-7372.json index 455732be93d..2426197ac2f 100644 --- a/2013/7xxx/CVE-2013-7372.json +++ b/2013/7xxx/CVE-2013-7372.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf", - "refsource" : "MISC", - "url" : "http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf" - }, - { - "name" : "https://bitcoin.org/en/alert/2013-08-11-android", - "refsource" : "MISC", - "url" : "https://bitcoin.org/en/alert/2013-08-11-android" - }, - { - "name" : "http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html", - "refsource" : "CONFIRM", - "url" : "http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html" - }, - { - "name" : "https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf", + "refsource": "MISC", + "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf" + }, + { + "name": "https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java" + }, + { + "name": "https://bitcoin.org/en/alert/2013-08-11-android", + "refsource": "MISC", + "url": "https://bitcoin.org/en/alert/2013-08-11-android" + }, + { + "name": "http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html", + "refsource": "CONFIRM", + "url": "http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10188.json b/2017/10xxx/CVE-2017-10188.json index 4be2e562fb9..fd69582ebce 100644 --- a/2017/10xxx/CVE-2017-10188.json +++ b/2017/10xxx/CVE-2017-10188.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Hotel Mobile", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "1.01" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Android). The supported version that is affected is 1.01. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Hospitality Hotel Mobile executes to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Hospitality Hotel Mobile executes to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Hotel Mobile accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Hotel Mobile", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.01" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99817" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Android). The supported version that is affected is 1.01. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Hospitality Hotel Mobile executes to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Hospitality Hotel Mobile executes to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Hotel Mobile accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99817" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10199.json b/2017/10xxx/CVE-2017-10199.json index 7285f02493a..ffabaffe7a0 100644 --- a/2017/10xxx/CVE-2017-10199.json +++ b/2017/10xxx/CVE-2017-10199.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iLearning", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "6.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Pages). The supported version that is affected is 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iLearning", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99637" - }, - { - "name" : "1038949", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Pages). The supported version that is affected is 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99637" + }, + { + "name": "1038949", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038949" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10473.json b/2017/10xxx/CVE-2017-10473.json index 7b7f6ae5227..9d1ac5737b4 100644 --- a/2017/10xxx/CVE-2017-10473.json +++ b/2017/10xxx/CVE-2017-10473.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10473", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10473", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10546.json b/2017/10xxx/CVE-2017-10546.json index fb30ddc6422..c453397a95c 100644 --- a/2017/10xxx/CVE-2017-10546.json +++ b/2017/10xxx/CVE-2017-10546.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10546", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10546", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14135.json b/2017/14xxx/CVE-2017-14135.json index 10fce71b82f..88e6a32f673 100644 --- a/2017/14xxx/CVE-2017-14135.json +++ b/2017/14xxx/CVE-2017-14135.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://the-infosec.com/2017/07/05/from-shodan-to-rce-opendreambox-2-0-0-code-execution/", - "refsource" : "MISC", - "url" : "https://the-infosec.com/2017/07/05/from-shodan-to-rce-opendreambox-2-0-0-code-execution/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://the-infosec.com/2017/07/05/from-shodan-to-rce-opendreambox-2-0-0-code-execution/", + "refsource": "MISC", + "url": "https://the-infosec.com/2017/07/05/from-shodan-to-rce-opendreambox-2-0-0-code-execution/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14523.json b/2017/14xxx/CVE-2017-14523.json index 45e885e922c..849e409fedb 100644 --- a/2017/14xxx/CVE-2017-14523.json +++ b/2017/14xxx/CVE-2017-14523.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43964", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43964/" - }, - { - "name" : "https://securitywarrior9.blogspot.in/2018/01/host-header-injection-in-wonder-cms.html", - "refsource" : "MISC", - "url" : "https://securitywarrior9.blogspot.in/2018/01/host-header-injection-in-wonder-cms.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securitywarrior9.blogspot.in/2018/01/host-header-injection-in-wonder-cms.html", + "refsource": "MISC", + "url": "https://securitywarrior9.blogspot.in/2018/01/host-header-injection-in-wonder-cms.html" + }, + { + "name": "43964", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43964/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14682.json b/2017/14xxx/CVE-2017-14682.json index 207d51d6268..33d6bbc7972 100644 --- a/2017/14xxx/CVE-2017-14682.json +++ b/2017/14xxx/CVE-2017-14682.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726", - "refsource" : "CONFIRM", - "url" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726" - }, - { - "name" : "DSA-4032", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4032" - }, - { - "name" : "DSA-4040", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4040" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726", + "refsource": "CONFIRM", + "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726" + }, + { + "name": "DSA-4040", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4040" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "DSA-4032", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4032" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14693.json b/2017/14xxx/CVE-2017-14693.json index 40ab366b4a2..321cc2e4ae0 100644 --- a/2017/14xxx/CVE-2017-14693.json +++ b/2017/14xxx/CVE-2017-14693.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to \"Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14693", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14693" - }, - { - "name" : "http://www.irfanview.net/main_history.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.net/main_history.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to \"Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14693", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14693" + }, + { + "name": "http://www.irfanview.net/main_history.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.net/main_history.htm" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14819.json b/2017/14xxx/CVE-2017-14819.json index d680d76da33..98c73a3260a 100644 --- a/2017/14xxx/CVE-2017-14819.json +++ b/2017/14xxx/CVE-2017-14819.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel number member of the cdef box. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5011." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-863", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-863" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel number member of the cdef box. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5011." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-863", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-863" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14832.json b/2017/14xxx/CVE-2017-14832.json index 8a53f541b8c..c9db6f7a2c5 100644 --- a/2017/14xxx/CVE-2017-14832.json +++ b/2017/14xxx/CVE-2017-14832.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-876", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-876" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-876", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-876" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14887.json b/2017/14xxx/CVE-2017-14887.json index 678b9a6e51e..42d6e4867f3 100644 --- a/2017/14xxx/CVE-2017-14887.json +++ b/2017/14xxx/CVE-2017-14887.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-14887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-14887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15744.json b/2017/15xxx/CVE-2017-15744.json index 5684d887211..a127712bde4 100644 --- a/2017/15xxx/CVE-2017-15744.json +++ b/2017/15xxx/CVE-2017-15744.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Read Access Violation on Control Flow starting at CADIMAGE+0x00000000003d35a7.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15744", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Read Access Violation on Control Flow starting at CADIMAGE+0x00000000003d35a7.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15744", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15744" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17178.json b/2017/17xxx/CVE-2017-17178.json index d657f112b9d..dd60a3f8e25 100644 --- a/2017/17xxx/CVE-2017-17178.json +++ b/2017/17xxx/CVE-2017-17178.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17178", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17178", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17448.json b/2017/17xxx/CVE-2017-17448.json index bca5f9d8f4c..d1f5199e460 100644 --- a/2017/17xxx/CVE-2017-17448.json +++ b/2017/17xxx/CVE-2017-17448.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://patchwork.kernel.org/patch/10089373/", - "refsource" : "MISC", - "url" : "https://patchwork.kernel.org/patch/10089373/" - }, - { - "name" : "DSA-4073", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4073" - }, - { - "name" : "DSA-4082", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4082" - }, - { - "name" : "RHSA-2018:0654", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0654" - }, - { - "name" : "RHSA-2018:0676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name" : "RHSA-2018:1062", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1062" - }, - { - "name" : "USN-3617-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3617-1/" - }, - { - "name" : "USN-3617-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3617-2/" - }, - { - "name" : "USN-3617-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3617-3/" - }, - { - "name" : "USN-3619-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-1/" - }, - { - "name" : "USN-3620-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3620-1/" - }, - { - "name" : "USN-3620-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3620-2/" - }, - { - "name" : "USN-3619-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-2/" - }, - { - "name" : "USN-3632-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3632-1/" - }, - { - "name" : "102117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchwork.kernel.org/patch/10089373/", + "refsource": "MISC", + "url": "https://patchwork.kernel.org/patch/10089373/" + }, + { + "name": "USN-3617-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3617-1/" + }, + { + "name": "USN-3619-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-2/" + }, + { + "name": "DSA-4082", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4082" + }, + { + "name": "USN-3617-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3617-3/" + }, + { + "name": "USN-3632-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3632-1/" + }, + { + "name": "USN-3620-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3620-2/" + }, + { + "name": "RHSA-2018:1062", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1062" + }, + { + "name": "RHSA-2018:0654", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0654" + }, + { + "name": "RHSA-2018:0676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0676" + }, + { + "name": "DSA-4073", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4073" + }, + { + "name": "USN-3617-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3617-2/" + }, + { + "name": "102117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102117" + }, + { + "name": "USN-3620-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3620-1/" + }, + { + "name": "USN-3619-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9405.json b/2017/9xxx/CVE-2017-9405.json index 06752ca4d23..0ae95bac617 100644 --- a/2017/9xxx/CVE-2017-9405.json +++ b/2017/9xxx/CVE-2017-9405.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/457", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/457", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/457" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9568.json b/2017/9xxx/CVE-2017-9568.json index 2fddb7a9d40..496b884fe49 100644 --- a/2017/9xxx/CVE-2017-9568.json +++ b/2017/9xxx/CVE-2017-9568.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9635.json b/2017/9xxx/CVE-2017-9635.json index a20b5e13edb..97bda93918d 100644 --- a/2017/9xxx/CVE-2017-9635.json +++ b/2017/9xxx/CVE-2017-9635.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2017-06-30T00:00:00", - "ID" : "CVE-2017-9635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Ampla MES", - "version" : { - "version_data" : [ - { - "version_value" : "versions 6.4 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inadequate encryption strength CWE-326" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2017-06-30T00:00:00", + "ID": "CVE-2017-9635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ampla MES", + "version": { + "version_data": [ + { + "version_value": "versions 6.4 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05" - }, - { - "name" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/", - "refsource" : "CONFIRM", - "url" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/" - }, - { - "name" : "99469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inadequate encryption strength CWE-326" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05" + }, + { + "name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/", + "refsource": "CONFIRM", + "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/" + }, + { + "name": "99469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99469" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9804.json b/2017/9xxx/CVE-2017-9804.json index b40004a3396..40907fb27d0 100644 --- a/2017/9xxx/CVE-2017-9804.json +++ b/2017/9xxx/CVE-2017-9804.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-9804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Struts", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.7 - 2.3.33" - }, - { - "version_value" : "2.5 - 2.5.12" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047)" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-9804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Struts", + "version": { + "version_data": [ + { + "version_value": "2.3.7 - 2.3.33" + }, + { + "version_value": "2.5 - 2.5.12" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://struts.apache.org/docs/s2-050.html", - "refsource" : "CONFIRM", - "url" : "https://struts.apache.org/docs/s2-050.html" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180629-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180629-0001/" - }, - { - "name" : "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2" - }, - { - "name" : "100612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100612" - }, - { - "name" : "1039261", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" + }, + { + "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2" + }, + { + "name": "100612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100612" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180629-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180629-0001/" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt" + }, + { + "name": "1039261", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039261" + }, + { + "name": "https://struts.apache.org/docs/s2-050.html", + "refsource": "CONFIRM", + "url": "https://struts.apache.org/docs/s2-050.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9934.json b/2017/9xxx/CVE-2017-9934.json index 8353dbb9bf5..60e4a1df543 100644 --- a/2017/9xxx/CVE-2017-9934.json +++ b/2017/9xxx/CVE-2017-9934.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/697-20170602-core-xss-vulnerability", - "refsource" : "CONFIRM", - "url" : "https://developer.joomla.org/security-centre/697-20170602-core-xss-vulnerability" - }, - { - "name" : "99451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99451" - }, - { - "name" : "1038817", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99451" + }, + { + "name": "https://developer.joomla.org/security-centre/697-20170602-core-xss-vulnerability", + "refsource": "CONFIRM", + "url": "https://developer.joomla.org/security-centre/697-20170602-core-xss-vulnerability" + }, + { + "name": "1038817", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038817" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0015.json b/2018/0xxx/CVE-2018-0015.json index d16fd9d1200..2d460dee47a 100644 --- a/2018/0xxx/CVE-2018-0015.json +++ b/2018/0xxx/CVE-2018-0015.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-02-20T15:00:00.000Z", - "ID" : "CVE-2018-0015", - "STATE" : "PUBLIC", - "TITLE" : "AppFormix: Debug Shell Command Execution in AppFormix Agent" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AppFormix", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_name" : "2.7", - "version_value" : "2.7.3" - }, - { - "affected" : "<", - "version_name" : "2.11", - "version_value" : "2.11.3" - }, - { - "affected" : "<", - "version_name" : "2.15", - "version_value" : "2.15.2" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: All versions up to and including 2.7.3; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.8, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthorized access" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-02-20T15:00:00.000Z", + "ID": "CVE-2018-0015", + "STATE": "PUBLIC", + "TITLE": "AppFormix: Debug Shell Command Execution in AppFormix Agent" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AppFormix", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "2.7", + "version_value": "2.7.3" + }, + { + "affected": "<", + "version_name": "2.11", + "version_value": "2.11.3" + }, + { + "affected": "<", + "version_name": "2.15", + "version_value": "2.15.2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10843", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10843" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software releases have been updated to resolve this specific issue: AppFormix v2.11.3, v2.15.2, and all subsequent releases." - } - ], - "source" : { - "advisory" : "JSA10843", - "discovery" : "USER" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "Follow security best current practices (BCPs) to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to well known ports on the platform, and only from trusted, administrative networks or hosts." - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: All versions up to and including 2.7.3; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10843", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10843" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: AppFormix v2.11.3, v2.15.2, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA10843", + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Follow security best current practices (BCPs) to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to well known ports on the platform, and only from trusted, administrative networks or hosts." + } + ] +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0119.json b/2018/0xxx/CVE-2018-0119.json index 3739e9ffc98..7f3e6c16922 100644 --- a/2018/0xxx/CVE-2018-0119.json +++ b/2018/0xxx/CVE-2018-0119.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Spark", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Spark" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account tokens generated in the system. An attacker could exploit this vulnerability by logging in to the device with a token in use by another account. Successful exploitation could allow the attacker to cause a partial impact to the device's confidentiality, integrity, and availability. Cisco Bug IDs: CSCvg05206." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Spark", + "version": { + "version_data": [ + { + "version_value": "Cisco Spark" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-spark", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-spark" - }, - { - "name" : "102961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account tokens generated in the system. An attacker could exploit this vulnerability by logging in to the device with a token in use by another account. Successful exploitation could allow the attacker to cause a partial impact to the device's confidentiality, integrity, and availability. Cisco Bug IDs: CSCvg05206." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102961" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-spark", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-spark" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0188.json b/2018/0xxx/CVE-2018-0188.json index b70cd4f5e89..b1e03ede1b0 100644 --- a/2018/0xxx/CVE-2018-0188.json +++ b/2018/0xxx/CVE-2018-0188.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss" - }, - { - "name" : "103551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103551" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0593.json b/2018/0xxx/CVE-2018-0593.json index 5182c521979..f8dc271dfc9 100644 --- a/2018/0xxx/CVE-2018-0593.json +++ b/2018/0xxx/CVE-2018-0593.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installer of Microsoft OneDrive", - "version" : { - "version_data" : [ - { - "version_value" : "" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of Microsoft OneDrive", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", - "refsource" : "MISC", - "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "name" : "JVN#91151862", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN91151862/index.html" - }, - { - "name" : "104563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource": "MISC", + "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name": "JVN#91151862", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN91151862/index.html" + }, + { + "name": "104563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104563" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0611.json b/2018/0xxx/CVE-2018-0611.json index 057942c84e3..c91b09b6a6f 100644 --- a/2018/0xxx/CVE-2018-0611.json +++ b/2018/0xxx/CVE-2018-0611.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ANA App for iOS", - "version" : { - "version_data" : [ - { - "version_value" : "version 4.0.22 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "ALL NIPPON AIRWAYS CO., LTD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to verify SSL certificates" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ANA App for iOS", + "version": { + "version_data": [ + { + "version_value": "version 4.0.22 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "ALL NIPPON AIRWAYS CO., LTD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title", - "refsource" : "MISC", - "url" : "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title" - }, - { - "name" : "JVN#71535108", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN71535108/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#71535108", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN71535108/index.html" + }, + { + "name": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title", + "refsource": "MISC", + "url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000077.json b/2018/1000xxx/CVE-2018-1000077.json index dac39e786c1..27ed295d06f 100644 --- a/2018/1000xxx/CVE-2018-1000077.json +++ b/2018/1000xxx/CVE-2018-1000077.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/18/2018 8:06:57", - "ID" : "CVE-2018-1000077", - "REQUESTER" : "craig.ingram@salesforce.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RubyGems", - "version" : { - "version_data" : [ - { - "version_value" : "Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422" - } - ] - } - } - ] - }, - "vendor_name" : "RubyGems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/18/2018 8:06:57", + "ID": "CVE-2018-1000077", + "REQUESTER": "craig.ingram@salesforce.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180401 [SECURITY] [DLA 1336-1] rubygems security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html" - }, - { - "name" : "[debian-lts-announce] 20180402 [SECURITY] [DLA 1337-1] jruby security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html" - }, - { - "name" : "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html" - }, - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" - }, - { - "name" : "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", - "refsource" : "MISC", - "url" : "http://blog.rubygems.org/2018/02/15/2.7.6-released.html" - }, - { - "name" : "https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964", - "refsource" : "MISC", - "url" : "https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964" - }, - { - "name" : "DSA-4219", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4219" - }, - { - "name" : "DSA-4259", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4259" - }, - { - "name" : "RHSA-2018:3729", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3729" - }, - { - "name" : "RHSA-2018:3730", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3730" - }, - { - "name" : "RHSA-2018:3731", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3731" - }, - { - "name" : "USN-3621-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3621-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4219", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4219" + }, + { + "name": "USN-3621-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3621-1/" + }, + { + "name": "RHSA-2018:3729", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3729" + }, + { + "name": "RHSA-2018:3730", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3730" + }, + { + "name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html" + }, + { + "name": "RHSA-2018:3731", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3731" + }, + { + "name": "[debian-lts-announce] 20180402 [SECURITY] [DLA 1337-1] jruby security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" + }, + { + "name": "DSA-4259", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4259" + }, + { + "name": "https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964", + "refsource": "MISC", + "url": "https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964" + }, + { + "name": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", + "refsource": "MISC", + "url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html" + }, + { + "name": "[debian-lts-announce] 20180401 [SECURITY] [DLA 1336-1] rubygems security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000225.json b/2018/1000xxx/CVE-2018-1000225.json index f298745123d..f0c6ab67fb7 100644 --- a/2018/1000xxx/CVE-2018-1000225.json +++ b/2018/1000xxx/CVE-2018-1000225.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-02T16:41:53.515834", - "DATE_REQUESTED" : "2018-08-02T16:09:44", - "ID" : "CVE-2018-1000225", - "REQUESTER" : "cvereports@movermeyer.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cobbler", - "version" : { - "version_data" : [ - { - "version_value" : "Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable" - } - ] - } - } - ] - }, - "vendor_name" : "Cobbler" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-02T16:41:53.515834", + "DATE_REQUESTED": "2018-08-02T16:09:44", + "ID": "CVE-2018-1000225", + "REQUESTER": "cvereports@movermeyer.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/", - "refsource" : "MISC", - "url" : "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/" - }, - { - "name" : "https://github.com/cobbler/cobbler/issues/1917", - "refsource" : "CONFIRM", - "url" : "https://github.com/cobbler/cobbler/issues/1917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cobbler/cobbler/issues/1917", + "refsource": "CONFIRM", + "url": "https://github.com/cobbler/cobbler/issues/1917" + }, + { + "name": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/", + "refsource": "MISC", + "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000513.json b/2018/1000xxx/CVE-2018-1000513.json index 17229e72b37..dce2d98eedf 100644 --- a/2018/1000xxx/CVE-2018-1000513.json +++ b/2018/1000xxx/CVE-2018-1000513.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.014969", - "DATE_REQUESTED" : "2018-04-11T14:06:37", - "ID" : "CVE-2018-1000513", - "REQUESTER" : "strukt93@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LimeSurvey", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0-beta.3+17110" - } - ] - } - } - ] - }, - "vendor_name" : "LimeSurvey" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.014969", + "DATE_REQUESTED": "2018-04-11T14:06:37", + "ID": "CVE-2018-1000513", + "REQUESTER": "strukt93@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.limesurvey.org/view.php?id=13560", - "refsource" : "MISC", - "url" : "https://bugs.limesurvey.org/view.php?id=13560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.limesurvey.org/view.php?id=13560", + "refsource": "MISC", + "url": "https://bugs.limesurvey.org/view.php?id=13560" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16457.json b/2018/16xxx/CVE-2018-16457.json index febe7107204..c62bfcce547 100644 --- a/2018/16xxx/CVE-2018-16457.json +++ b/2018/16xxx/CVE-2018-16457.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://googlequeens.com/2018/09/04/cve-2018-16457-open-source-real-estate-script-3-6-2-directory-traversal/", - "refsource" : "MISC", - "url" : "https://googlequeens.com/2018/09/04/cve-2018-16457-open-source-real-estate-script-3-6-2-directory-traversal/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://googlequeens.com/2018/09/04/cve-2018-16457-open-source-real-estate-script-3-6-2-directory-traversal/", + "refsource": "MISC", + "url": "https://googlequeens.com/2018/09/04/cve-2018-16457-open-source-real-estate-script-3-6-2-directory-traversal/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19558.json b/2018/19xxx/CVE-2018-19558.json index e5386a3d108..1eac0938cc4 100644 --- a/2018/19xxx/CVE-2018-19558.json +++ b/2018/19xxx/CVE-2018-19558.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/assnr/arcms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/assnr/arcms/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/assnr/arcms/issues/1", + "refsource": "MISC", + "url": "https://github.com/assnr/arcms/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19739.json b/2018/19xxx/CVE-2018-19739.json index 15bd4e07381..61a5e1c8c93 100644 --- a/2018/19xxx/CVE-2018-19739.json +++ b/2018/19xxx/CVE-2018-19739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19739", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19739", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19940.json b/2018/19xxx/CVE-2018-19940.json index 80824fdbab8..ccfd5254682 100644 --- a/2018/19xxx/CVE-2018-19940.json +++ b/2018/19xxx/CVE-2018-19940.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19940", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19940", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19972.json b/2018/19xxx/CVE-2018-19972.json index bbc9f585774..69542746d72 100644 --- a/2018/19xxx/CVE-2018-19972.json +++ b/2018/19xxx/CVE-2018-19972.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19972", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19972", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1833.json b/2018/1xxx/CVE-2018-1833.json index 5e41fa83fc2..cfe8186e1b7 100644 --- a/2018/1xxx/CVE-2018-1833.json +++ b/2018/1xxx/CVE-2018-1833.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-17T00:00:00", - "ID" : "CVE-2018-1833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Event Streams", - "version" : { - "version_data" : [ - { - "version_value" : "2018.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "N", - "I" : "H", - "PR" : "L", - "S" : "U", - "SCORE" : "5.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-17T00:00:00", + "ID": "CVE-2018-1833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Event Streams", + "version": { + "version_data": [ + { + "version_value": "2018.3.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10787535", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10787535" - }, - { - "name" : "106330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106330" - }, - { - "name" : "ibm-events-cve20181833-host-header(150507)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "N", + "I": "H", + "PR": "L", + "S": "U", + "SCORE": "5.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106330" + }, + { + "name": "ibm-events-cve20181833-host-header(150507)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150507" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10787535", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10787535" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4150.json b/2018/4xxx/CVE-2018-4150.json index 517d8cb69b1..347e9dc4124 100644 --- a/2018/4xxx/CVE-2018-4150.json +++ b/2018/4xxx/CVE-2018-4150.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208692", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208692" - }, - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "https://support.apple.com/HT208696", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208696" - }, - { - "name" : "https://support.apple.com/HT208698", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208698" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040604" - }, - { - "name" : "1040608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208692", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208692" + }, + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "https://support.apple.com/HT208698", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208698" + }, + { + "name": "https://support.apple.com/HT208696", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208696" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "1040608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040608" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4155.json b/2018/4xxx/CVE-2018-4155.json index ebfb05f333a..7ae592ff55d 100644 --- a/2018/4xxx/CVE-2018-4155.json +++ b/2018/4xxx/CVE-2018-4155.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"CoreFoundation\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208692", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208692" - }, - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "https://support.apple.com/HT208696", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208696" - }, - { - "name" : "https://support.apple.com/HT208698", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208698" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040604" - }, - { - "name" : "1040608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"CoreFoundation\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208692", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208692" + }, + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "https://support.apple.com/HT208698", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208698" + }, + { + "name": "https://support.apple.com/HT208696", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208696" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "1040608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040608" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4350.json b/2018/4xxx/CVE-2018-4350.json index ee6bae6cd60..5dcf230f659 100644 --- a/2018/4xxx/CVE-2018-4350.json +++ b/2018/4xxx/CVE-2018-4350.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4350", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4350", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4655.json b/2018/4xxx/CVE-2018-4655.json index e3f3996606f..679a7fe3e59 100644 --- a/2018/4xxx/CVE-2018-4655.json +++ b/2018/4xxx/CVE-2018-4655.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4655", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4655", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file