diff --git a/2008/0xxx/CVE-2008-0355.json b/2008/0xxx/CVE-2008-0355.json index a3b7dbdc7e5..9577a50680a 100644 --- a/2008/0xxx/CVE-2008-0355.json +++ b/2008/0xxx/CVE-2008-0355.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4929", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4929" - }, - { - "name" : "27326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27326" - }, - { - "name" : "phpechocms-index-sql-injection(39741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpechocms-index-sql-injection(39741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39741" + }, + { + "name": "4929", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4929" + }, + { + "name": "27326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27326" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0470.json b/2008/0xxx/CVE-2008-0470.json index 93b3deaf9c1..bd2ca7b0118 100644 --- a/2008/0xxx/CVE-2008-0470.json +++ b/2008/0xxx/CVE-2008-0470.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4974", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4974" - }, - { - "name" : "27424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27424" - }, - { - "name" : "comodo-antivirus-command-execution(39904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "comodo-antivirus-command-execution(39904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39904" + }, + { + "name": "27424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27424" + }, + { + "name": "4974", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4974" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0697.json b/2008/0xxx/CVE-2008-0697.json index bd2d0ad007f..4de2e05b8e2 100644 --- a/2008/0xxx/CVE-2008-0697.json +++ b/2008/0xxx/CVE-2008-0697.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" - }, - { - "name" : "IZ03546", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546" - }, - { - "name" : "ADV-2008-0401", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0401" - }, - { - "name" : "28771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" + }, + { + "name": "IZ03546", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546" + }, + { + "name": "28771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28771" + }, + { + "name": "ADV-2008-0401", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0401" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0753.json b/2008/0xxx/CVE-2008-0753.json index d7f680d247a..c288c1c8adc 100644 --- a/2008/0xxx/CVE-2008-0753.json +++ b/2008/0xxx/CVE-2008-0753.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080210 Vwar 1.5.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487900/100/0/threaded" - }, - { - "name" : "27722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27722" - }, - { - "name" : "3643", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080210 Vwar 1.5.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487900/100/0/threaded" + }, + { + "name": "27722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27722" + }, + { + "name": "3643", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3643" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0862.json b/2008/0xxx/CVE-2008-0862.json index 441c4131494..15fb005f7a2 100644 --- a/2008/0xxx/CVE-2008-0862.json +++ b/2008/0xxx/CVE-2008-0862.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21257250", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21257250" - }, - { - "name" : "ADV-2008-0600", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0600/references" - }, - { - "name" : "29031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0600", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0600/references" + }, + { + "name": "29031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29031" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21257250", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257250" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1105.json b/2008/1xxx/CVE-2008-1105.json index b796def0550..bdbc8e985ee 100644 --- a/2008/1xxx/CVE-2008-1105.json +++ b/2008/1xxx/CVE-2008-1105.json @@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-1105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080528 [SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492683/100/0/threaded" - }, - { - "name" : "20080602 rPSA-2008-0180-1 samba samba-client samba-server samba-swat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492903/100/0/threaded" - }, - { - "name" : "20080529 Secunia Research: Samba \"receive_smb_raw()\" Buffer OverflowVulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492737/100/0/threaded" - }, - { - "name" : "5712", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5712" - }, - { - "name" : "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000023.html" - }, - { - "name" : "http://secunia.com/secunia_research/2008-20/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-20/advisory/" - }, - { - "name" : "http://support.apple.com/kb/HT2163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT2163" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2008-1105.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2008-1105.html" - }, - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_009.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_009.pdf" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0180", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0180" - }, - { - "name" : "APPLE-SA-2008-06-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" - }, - { - "name" : "DSA-1590", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1590" - }, - { - "name" : "FEDORA-2008-4679", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01006.html" - }, - { - "name" : "FEDORA-2008-4724", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01030.html" - }, - { - "name" : "FEDORA-2008-4797", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01082.html" - }, - { - "name" : "GLSA-200805-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-23.xml" - }, - { - "name" : "HPSBUX02341", - "refsource" : "HP", - "url" : "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657" - }, - { - "name" : "SSRT080075", - "refsource" : "HP", - "url" : "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657" - }, - { - "name" : "MDVSA-2008:108", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:108" - }, - { - "name" : "RHSA-2008:0288", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0288.html" - }, - { - "name" : "RHSA-2008:0289", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0289.html" - }, - { - "name" : "RHSA-2008:0290", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0290.html" - }, - { - "name" : "SSA:2008-149-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473951" - }, - { - "name" : "249086", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249086-1" - }, - { - "name" : "SUSE-SA:2008:026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html" - }, - { - "name" : "USN-617-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-617-1" - }, - { - "name" : "USN-617-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-617-2" - }, - { - "name" : "29404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29404" - }, - { - "name" : "31255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31255" - }, - { - "name" : "oval:org.mitre.oval:def:5733", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5733" - }, - { - "name" : "oval:org.mitre.oval:def:10020", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10020" - }, - { - "name" : "30449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30449" - }, - { - "name" : "30478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30478" - }, - { - "name" : "30442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30442" - }, - { - "name" : "ADV-2008-1681", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1681" - }, - { - "name" : "ADV-2008-1908", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1908" - }, - { - "name" : "ADV-2008-1981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1981/references" - }, - { - "name" : "ADV-2008-2222", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2222/references" - }, - { - "name" : "ADV-2008-2639", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2639" - }, - { - "name" : "1020123", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020123" - }, - { - "name" : "30228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30228" - }, - { - "name" : "30385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30385" - }, - { - "name" : "30543", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30543" - }, - { - "name" : "30489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30489" - }, - { - "name" : "30736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30736" - }, - { - "name" : "30835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30835" - }, - { - "name" : "30802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30802" - }, - { - "name" : "31246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31246" - }, - { - "name" : "31911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31911" - }, - { - "name" : "30396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30396" - }, - { - "name" : "33696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33696" - }, - { - "name" : "xerox-controller-samba-code-execution(45251)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45251" - }, - { - "name" : "samba-receivesmbraw-bo(42664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2008:0288", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0288.html" + }, + { + "name": "30478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30478" + }, + { + "name": "FEDORA-2008-4724", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01030.html" + }, + { + "name": "30396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30396" + }, + { + "name": "http://support.apple.com/kb/HT2163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT2163" + }, + { + "name": "30489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30489" + }, + { + "name": "ADV-2008-2639", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2639" + }, + { + "name": "1020123", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020123" + }, + { + "name": "30835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30835" + }, + { + "name": "ADV-2008-1981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1981/references" + }, + { + "name": "30736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30736" + }, + { + "name": "oval:org.mitre.oval:def:5733", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5733" + }, + { + "name": "30385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30385" + }, + { + "name": "SSA:2008-149-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473951" + }, + { + "name": "31911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31911" + }, + { + "name": "ADV-2008-1908", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1908" + }, + { + "name": "RHSA-2008:0290", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0290.html" + }, + { + "name": "samba-receivesmbraw-bo(42664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42664" + }, + { + "name": "HPSBUX02341", + "refsource": "HP", + "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657" + }, + { + "name": "5712", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5712" + }, + { + "name": "APPLE-SA-2008-06-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" + }, + { + "name": "ADV-2008-2222", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2222/references" + }, + { + "name": "FEDORA-2008-4797", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01082.html" + }, + { + "name": "FEDORA-2008-4679", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01006.html" + }, + { + "name": "SSRT080075", + "refsource": "HP", + "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657" + }, + { + "name": "249086", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249086-1" + }, + { + "name": "30449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30449" + }, + { + "name": "MDVSA-2008:108", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:108" + }, + { + "name": "30802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30802" + }, + { + "name": "33696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33696" + }, + { + "name": "30442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30442" + }, + { + "name": "30543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30543" + }, + { + "name": "20080528 [SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492683/100/0/threaded" + }, + { + "name": "30228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30228" + }, + { + "name": "USN-617-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-617-2" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_009.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_009.pdf" + }, + { + "name": "USN-617-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-617-1" + }, + { + "name": "31255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31255" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0180", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0180" + }, + { + "name": "20080529 Secunia Research: Samba \"receive_smb_raw()\" Buffer OverflowVulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492737/100/0/threaded" + }, + { + "name": "GLSA-200805-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-23.xml" + }, + { + "name": "http://secunia.com/secunia_research/2008-20/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-20/advisory/" + }, + { + "name": "SUSE-SA:2008:026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html" + }, + { + "name": "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000023.html" + }, + { + "name": "oval:org.mitre.oval:def:10020", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10020" + }, + { + "name": "xerox-controller-samba-code-execution(45251)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45251" + }, + { + "name": "ADV-2008-1681", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1681" + }, + { + "name": "RHSA-2008:0289", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0289.html" + }, + { + "name": "31246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31246" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2008-1105.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2008-1105.html" + }, + { + "name": "29404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29404" + }, + { + "name": "DSA-1590", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1590" + }, + { + "name": "20080602 rPSA-2008-0180-1 samba samba-client samba-server samba-swat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492903/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1567.json b/2008/1xxx/CVE-2008-1567.json index 81a9b4881ba..a8a1af6ed1f 100644 --- a/2008/1xxx/CVE-2008-1567.json +++ b/2008/1xxx/CVE-2008-1567.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2" - }, - { - "name" : "DSA-1557", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1557" - }, - { - "name" : "FEDORA-2008-2825", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html" - }, - { - "name" : "FEDORA-2008-2874", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html" - }, - { - "name" : "MDVSA-2008:131", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:131" - }, - { - "name" : "SUSE-SR:2008:026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" - }, - { - "name" : "SUSE-SR:2009:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" - }, - { - "name" : "28560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28560" - }, - { - "name" : "ADV-2008-1037", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1037/references" - }, - { - "name" : "29613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29613" - }, - { - "name" : "29588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29588" - }, - { - "name" : "29964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29964" - }, - { - "name" : "30816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30816" - }, - { - "name" : "32834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32834" - }, - { - "name" : "33822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33822" - }, - { - "name" : "phpmyadmin-sessiondata-info-disclosure(41541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28560" + }, + { + "name": "SUSE-SR:2009:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" + }, + { + "name": "DSA-1557", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1557" + }, + { + "name": "32834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32834" + }, + { + "name": "29964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29964" + }, + { + "name": "30816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30816" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408" + }, + { + "name": "FEDORA-2008-2874", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html" + }, + { + "name": "29613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29613" + }, + { + "name": "29588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29588" + }, + { + "name": "FEDORA-2008-2825", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2" + }, + { + "name": "33822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33822" + }, + { + "name": "phpmyadmin-sessiondata-info-disclosure(41541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41541" + }, + { + "name": "ADV-2008-1037", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1037/references" + }, + { + "name": "SUSE-SR:2008:026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" + }, + { + "name": "MDVSA-2008:131", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:131" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1792.json b/2008/1xxx/CVE-2008-1792.json index 1ab57b25efc..6b5579b19d4 100644 --- a/2008/1xxx/CVE-2008-1792.json +++ b/2008/1xxx/CVE-2008-1792.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/241939", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/241939" - }, - { - "name" : "28594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28594" - }, - { - "name" : "ADV-2008-1082", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1082/references" - }, - { - "name" : "29658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29658" - }, - { - "name" : "flickr-unspecified-xss(41603)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29658" + }, + { + "name": "http://drupal.org/node/241939", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/241939" + }, + { + "name": "flickr-unspecified-xss(41603)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41603" + }, + { + "name": "ADV-2008-1082", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1082/references" + }, + { + "name": "28594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28594" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3141.json b/2008/3xxx/CVE-2008-3141.json index 2a9b8c2653c..4215be4f124 100644 --- a/2008/3xxx/CVE-2008-3141.json +++ b/2008/3xxx/CVE-2008-3141.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080703 rPSA-2008-0212-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493882/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" - }, - { - "name" : "DSA-1673", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1673" - }, - { - "name" : "FEDORA-2008-6440", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" - }, - { - "name" : "GLSA-200808-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-04.xml" - }, - { - "name" : "RHSA-2008:0890", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "30020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30020" - }, - { - "name" : "oval:org.mitre.oval:def:11324", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11324" - }, - { - "name" : "1020404", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020404" - }, - { - "name" : "30886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30886" - }, - { - "name" : "30942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30942" - }, - { - "name" : "31085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31085" - }, - { - "name" : "ADV-2008-1982", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1982/references" - }, - { - "name" : "ADV-2008-2773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2773" - }, - { - "name" : "31378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31378" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "32091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32091" - }, - { - "name" : "32944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32944" - }, - { - "name" : "wireshark-rmi-information-disclosure(43520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30886" + }, + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "30942", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30942" + }, + { + "name": "FEDORA-2008-6440", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" + }, + { + "name": "RHSA-2008:0890", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html" + }, + { + "name": "ADV-2008-1982", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1982/references" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2008-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2008-03.html" + }, + { + "name": "GLSA-200808-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-04.xml" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" + }, + { + "name": "32091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32091" + }, + { + "name": "20080703 rPSA-2008-0212-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493882/100/0/threaded" + }, + { + "name": "ADV-2008-2773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2773" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" + }, + { + "name": "32944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32944" + }, + { + "name": "wireshark-rmi-information-disclosure(43520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43520" + }, + { + "name": "30020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30020" + }, + { + "name": "31378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31378" + }, + { + "name": "1020404", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020404" + }, + { + "name": "oval:org.mitre.oval:def:11324", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11324" + }, + { + "name": "DSA-1673", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1673" + }, + { + "name": "31085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31085" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3560.json b/2008/3xxx/CVE-2008-3560.json index 5b0063a8a42..9859003abf3 100644 --- a/2008/3xxx/CVE-2008-3560.json +++ b/2008/3xxx/CVE-2008-3560.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30576.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30576.html" - }, - { - "name" : "http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html" - }, - { - "name" : "30576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30576" - }, - { - "name" : "31402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31402" - }, - { - "name" : "kshop-kshopsearch-xss(44261)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31402" + }, + { + "name": "30576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30576" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30576.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30576.html" + }, + { + "name": "http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html" + }, + { + "name": "kshop-kshopsearch-xss(44261)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44261" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3613.json b/2008/3xxx/CVE-2008-3613.json index 3af4c4ce76c..1194624c4d7 100644 --- a/2008/3xxx/CVE-2008-3613.json +++ b/2008/3xxx/CVE-2008-3613.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "31189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31189" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "1020875", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020875" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, - { - "name" : "macos-finder-disk-dos(45166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31189" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "1020875", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020875" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "macos-finder-disk-dos(45166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45166" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4192.json b/2008/4xxx/CVE-2008-4192.json index 567a330e82d..72b5ee7b4a6 100644 --- a/2008/4xxx/CVE-2008-4192.json +++ b/2008/4xxx/CVE-2008-4192.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080918 CVE Request (openswan, emacspeak, cman)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/18/3" - }, - { - "name" : "[oss-security] 20080923 Re: CVE Request (openswan, emacspeak, cman)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/24/2" - }, - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=460476", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=460476" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/cman", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/cman" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "FEDORA-2008-9042", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html" - }, - { - "name" : "RHSA-2011:0266", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0266.html" - }, - { - "name" : "USN-875-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-875-1" - }, - { - "name" : "30898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30898" - }, - { - "name" : "32387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32387" - }, - { - "name" : "32390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32390" - }, - { - "name" : "31887", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31887" - }, - { - "name" : "43362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43362" - }, - { - "name" : "ADV-2011-0419", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0419" - }, - { - "name" : "cman-fenceegenera-symlink(44845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30898" + }, + { + "name": "32390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32390" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/cman", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/cman" + }, + { + "name": "32387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32387" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "31887", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31887" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "cman-fenceegenera-symlink(44845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44845" + }, + { + "name": "ADV-2011-0419", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0419" + }, + { + "name": "USN-875-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-875-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=460476", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460476" + }, + { + "name": "[oss-security] 20080918 CVE Request (openswan, emacspeak, cman)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/18/3" + }, + { + "name": "[oss-security] 20080923 Re: CVE Request (openswan, emacspeak, cman)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/24/2" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410" + }, + { + "name": "FEDORA-2008-9042", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html" + }, + { + "name": "43362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43362" + }, + { + "name": "RHSA-2011:0266", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0266.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4630.json b/2008/4xxx/CVE-2008-4630.json index 88756039e61..010fad0fdbb 100644 --- a/2008/4xxx/CVE-2008-4630.json +++ b/2008/4xxx/CVE-2008-4630.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/midcom/?branch_id=38063&release_id=286210", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/midcom/?branch_id=38063&release_id=286210" - }, - { - "name" : "31829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31829" - }, - { - "name" : "32178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32178" - }, - { - "name" : "midgard-multiple-unspecified(45962)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32178" + }, + { + "name": "http://freshmeat.net/projects/midcom/?branch_id=38063&release_id=286210", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/midcom/?branch_id=38063&release_id=286210" + }, + { + "name": "midgard-multiple-unspecified(45962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45962" + }, + { + "name": "31829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31829" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4784.json b/2008/4xxx/CVE-2008-4784.json index 5486e3b2050..f02733b0cb6 100644 --- a/2008/4xxx/CVE-2008-4784.json +++ b/2008/4xxx/CVE-2008-4784.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to \"A\" or \"O\" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6818", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6818" - }, - { - "name" : "31894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31894" - }, - { - "name" : "4524", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4524" - }, - { - "name" : "aflog-aflogautha-security-bypass(46083)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to \"A\" or \"O\" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4524", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4524" + }, + { + "name": "aflog-aflogautha-security-bypass(46083)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46083" + }, + { + "name": "31894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31894" + }, + { + "name": "6818", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6818" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4836.json b/2008/4xxx/CVE-2008-4836.json index 2fa36c2db6b..baba4d8895d 100644 --- a/2008/4xxx/CVE-2008-4836.json +++ b/2008/4xxx/CVE-2008-4836.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4836", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-4836", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4929.json b/2008/4xxx/CVE-2008-4929.json index 3a5ebd0aefa..a9aa6724b22 100644 --- a/2008/4xxx/CVE-2008-4929.json +++ b/2008/4xxx/CVE-2008-4929.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html" - }, - { - "name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html" - }, - { - "name" : "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/01/2" - }, - { - "name" : "31936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31936" - }, - { - "name" : "ADV-2008-2967", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31936" + }, + { + "name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html" + }, + { + "name": "ADV-2008-2967", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2967" + }, + { + "name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html" + }, + { + "name": "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/01/2" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2041.json b/2013/2xxx/CVE-2013-2041.json index d01d4d979b8..10454f1ffbd 100644 --- a/2013/2xxx/CVE-2013-2041.json +++ b/2013/2xxx/CVE-2013-2041.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-021/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2310.json b/2013/2xxx/CVE-2013-2310.json index d997b85f6e1..c19d7d6f2a9 100644 --- a/2013/2xxx/CVE-2013-2310.json +++ b/2013/2xxx/CVE-2013-2310.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-2310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN85371480/397327/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN85371480/397327/index.html" - }, - { - "name" : "http://jvn.jp/en/jp/JVN85371480/995319/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN85371480/995319/index.html" - }, - { - "name" : "http://jvn.jp/en/jp/JVN85371480/995417/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN85371480/995417/index.html" - }, - { - "name" : "JVN#85371480", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN85371480/index.html" - }, - { - "name" : "JVNDB-2013-000039", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN85371480/397327/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN85371480/397327/index.html" + }, + { + "name": "JVN#85371480", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN85371480/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN85371480/995417/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN85371480/995417/index.html" + }, + { + "name": "JVNDB-2013-000039", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000039" + }, + { + "name": "http://jvn.jp/en/jp/JVN85371480/995319/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN85371480/995319/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2534.json b/2013/2xxx/CVE-2013-2534.json index dfcf3078366..3b16c2e017c 100644 --- a/2013/2xxx/CVE-2013-2534.json +++ b/2013/2xxx/CVE-2013-2534.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2534", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2534", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2588.json b/2013/2xxx/CVE-2013-2588.json index d44914aada7..14fa67ee29b 100644 --- a/2013/2xxx/CVE-2013-2588.json +++ b/2013/2xxx/CVE-2013-2588.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2588", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2588", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2593.json b/2013/2xxx/CVE-2013-2593.json index 43c29f7b189..3cef612259f 100644 --- a/2013/2xxx/CVE-2013-2593.json +++ b/2013/2xxx/CVE-2013-2593.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2593", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2593", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2736.json b/2013/2xxx/CVE-2013-2736.json index 14186db9df1..62232803737 100644 --- a/2013/2xxx/CVE-2013-2736.json +++ b/2013/2xxx/CVE-2013-2736.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-2736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0826", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0826.html" - }, - { - "name" : "SUSE-SU-2013:0809", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:15880", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html" + }, + { + "name": "SUSE-SU-2013:0809", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" + }, + { + "name": "RHSA-2013:0826", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0826.html" + }, + { + "name": "oval:org.mitre.oval:def:15880", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15880" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3798.json b/2013/3xxx/CVE-2013-3798.json index 2843fb8ca8a..920d609af75 100644 --- a/2013/3xxx/CVE-2013-3798.json +++ b/2013/3xxx/CVE-2013-3798.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "SUSE-SU-2013:1390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html" - }, - { - "name" : "openSUSE-SU-2013:1335", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html" - }, - { - "name" : "openSUSE-SU-2013:1410", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html" - }, - { - "name" : "SUSE-SU-2013:1529", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html" - }, - { - "name" : "61274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61274" - }, - { - "name" : "95321", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95321", + "refsource": "OSVDB", + "url": "http://osvdb.org/95321" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "openSUSE-SU-2013:1335", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html" + }, + { + "name": "SUSE-SU-2013:1390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html" + }, + { + "name": "openSUSE-SU-2013:1410", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html" + }, + { + "name": "61274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61274" + }, + { + "name": "SUSE-SU-2013:1529", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3821.json b/2013/3xxx/CVE-2013-3821.json index 3b31691f1e8..f783125f933 100644 --- a/2013/3xxx/CVE-2013-3821.json +++ b/2013/3xxx/CVE-2013-3821.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via unknown vectors related to Integration Broker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "61221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61221" - }, - { - "name" : "95292", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95292" - }, - { - "name" : "54233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54233" - }, - { - "name" : "oracle-cpujuly2013-cve20133821(85679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via unknown vectors related to Integration Broker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "oracle-cpujuly2013-cve20133821(85679)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85679" + }, + { + "name": "95292", + "refsource": "OSVDB", + "url": "http://osvdb.org/95292" + }, + { + "name": "54233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54233" + }, + { + "name": "61221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61221" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4227.json b/2013/4xxx/CVE-2013-4227.json index 0a8aad3a676..d791340853c 100644 --- a/2013/4xxx/CVE-2013-4227.json +++ b/2013/4xxx/CVE-2013-4227.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4227", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4227", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6122.json b/2013/6xxx/CVE-2013-6122.json index 354851c23a7..c474d4f66b1 100644 --- a/2013/6xxx/CVE-2013-6122.json +++ b/2013/6xxx/CVE-2013-6122.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131108 Advisory report - Multiple memory corruption and race condition in Goodix gt915 Android touchscreen driver (CVE-2013-4740 & CVE-2013-6122)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/08/1" - }, - { - "name" : "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05" - }, - { - "name" : "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131108 Advisory report - Multiple memory corruption and race condition in Goodix gt915 Android touchscreen driver (CVE-2013-4740 & CVE-2013-6122)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1" + }, + { + "name": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler" + }, + { + "name": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6693.json b/2013/6xxx/CVE-2013-6693.json index 261c6271291..48c4e3ab91e 100644 --- a/2013/6xxx/CVE-2013-6693.json +++ b/2013/6xxx/CVE-2013-6693.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31861", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31861" - }, - { - "name" : "20131121 Cisco IOS Software MLDP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31861", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31861" + }, + { + "name": "20131121 Cisco IOS Software MLDP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6693" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7295.json b/2013/7xxx/CVE-2013-7295.json index 4075720c684..cab7b09243d 100644 --- a/2013/7xxx/CVE-2013-7295.json +++ b/2013/7xxx/CVE-2013-7295.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[tor-talk] 20131223 Tor 0.2.4.20 is released", - "refsource" : "MLIST", - "url" : "https://lists.torproject.org/pipermail/tor-talk/2013-December/031483.html" - }, - { - "name" : "openSUSE-SU-2014:0143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00095.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00095.html" + }, + { + "name": "[tor-talk] 20131223 Tor 0.2.4.20 is released", + "refsource": "MLIST", + "url": "https://lists.torproject.org/pipermail/tor-talk/2013-December/031483.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7375.json b/2013/7xxx/CVE-2013-7375.json index 6fc6ebc8a92..b807a707f13 100644 --- a/2013/7xxx/CVE-2013-7375.json +++ b/2013/7xxx/CVE-2013-7375.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130216 PHP-Fusion 7.02.05 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Feb/80" - }, - { - "name" : "20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Feb/154" - }, - { - "name" : "http://packetstormsecurity.com/files/120368/PHP-Fusion-CMS-7.02.05-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/120368/PHP-Fusion-CMS-7.02.05-SQL-Injection.html" - }, - { - "name" : "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" - }, - { - "name" : "http://www.waraxe.us/advisory-97.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-97.html" - }, - { - "name" : "https://vndh.net/note:php-fusion-70205-sql-injection", - "refsource" : "MISC", - "url" : "https://vndh.net/note:php-fusion-70205-sql-injection" - }, - { - "name" : "58011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58011" - }, - { - "name" : "90359", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/90359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/advisory-97.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-97.html" + }, + { + "name": "90359", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/90359" + }, + { + "name": "20130216 PHP-Fusion 7.02.05 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Feb/80" + }, + { + "name": "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" + }, + { + "name": "https://vndh.net/note:php-fusion-70205-sql-injection", + "refsource": "MISC", + "url": "https://vndh.net/note:php-fusion-70205-sql-injection" + }, + { + "name": "58011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58011" + }, + { + "name": "20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Feb/154" + }, + { + "name": "http://packetstormsecurity.com/files/120368/PHP-Fusion-CMS-7.02.05-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/120368/PHP-Fusion-CMS-7.02.05-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10277.json b/2017/10xxx/CVE-2017-10277.json index d0ba2ea4803..19f7d2ccc78 100644 --- a/2017/10xxx/CVE-2017-10277.json +++ b/2017/10xxx/CVE-2017-10277.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Connectors", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "6.9.9 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Connectors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.9.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0002/" - }, - { - "name" : "101439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101439" - }, - { - "name" : "1039597", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0002/" + }, + { + "name": "1039597", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039597" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101439" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10448.json b/2017/10xxx/CVE-2017-10448.json index 1024da1a4d7..54948c5a874 100644 --- a/2017/10xxx/CVE-2017-10448.json +++ b/2017/10xxx/CVE-2017-10448.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10448", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10448", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10557.json b/2017/10xxx/CVE-2017-10557.json index da09aafbb5f..cc3681af7d0 100644 --- a/2017/10xxx/CVE-2017-10557.json +++ b/2017/10xxx/CVE-2017-10557.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10557", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10557", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10620.json b/2017/10xxx/CVE-2017-10620.json index fdd05ae5aa9..d897396c71d 100644 --- a/2017/10xxx/CVE-2017-10620.json +++ b/2017/10xxx/CVE-2017-10620.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2017-10-11T09:00", - "ID" : "CVE-2017-10620", - "STATE" : "PUBLIC", - "TITLE" : "SRX Series: Antivirus updates are downloaded without verification" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "platform" : "SRX Series", - "version_value" : "12.1X46 prior to 12.3X46-D71" - }, - { - "platform" : "SRX Series", - "version_value" : "12.3X48 prior to 12.3X48-D55" - }, - { - "platform" : "SRX Series", - "version_value" : "15.1X49 prior to 15.1X49-D110" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [], - "credit" : [], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110;" - } - ] - }, - "exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.4, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient verification" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2017-10-11T09:00", + "ID": "CVE-2017-10620", + "STATE": "PUBLIC", + "TITLE": "SRX Series: Antivirus updates are downloaded without verification" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "SRX Series", + "version_value": "12.1X46 prior to 12.3X46-D71" + }, + { + "platform": "SRX Series", + "version_value": "12.3X48 prior to 12.3X48-D55" + }, + { + "platform": "SRX Series", + "version_value": "15.1X49 prior to 15.1X49-D110" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10822", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10822" - } - ] - }, - "solution" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.1X46-D73, 12.3X48-D55, 15.1X49-D110, 17.4R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1217408 and is visible on the Customer Support website.", - "work_around" : [ - { - "lang" : "eng", - "value" : "There are no viable workarounds for this issue.\n\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts." - } - ] -} + } + }, + "configuration": [], + "credit": [], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110;" + } + ] + }, + "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient verification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10822", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10822" + } + ] + }, + "solution": "The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.1X46-D73, 12.3X48-D55, 15.1X49-D110, 17.4R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1217408 and is visible on the Customer Support website.", + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue.\n\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts." + } + ] +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13027.json b/2017/13xxx/CVE-2017-13027.json index 0559d8a5825..6ad2e0b6163 100644 --- a/2017/13xxx/CVE-2017-13027.json +++ b/2017/13xxx/CVE-2017-13027.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/a77ff09c46560bc895dea11dc9fe643486b056ac", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/a77ff09c46560bc895dea11dc9fe643486b056ac" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/a77ff09c46560bc895dea11dc9fe643486b056ac", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/a77ff09c46560bc895dea11dc9fe643486b056ac" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13373.json b/2017/13xxx/CVE-2017-13373.json index b399d5e7255..51da0ec79f9 100644 --- a/2017/13xxx/CVE-2017-13373.json +++ b/2017/13xxx/CVE-2017-13373.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13373", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13373", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14122.json b/2017/14xxx/CVE-2017-14122.json index 6ed37adcd1d..3cd88fc774b 100644 --- a/2017/14xxx/CVE-2017-14122.json +++ b/2017/14xxx/CVE-2017-14122.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2017/08/20/1", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/08/20/1" - }, - { - "name" : "https://bugs.debian.org/874060", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/874060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/874060", + "refsource": "MISC", + "url": "https://bugs.debian.org/874060" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/08/20/1", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/08/20/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14241.json b/2017/14xxx/CVE-2017-14241.json index 4e4345cc5d3..603b46a986e 100644 --- a/2017/14xxx/CVE-2017-14241.json +++ b/2017/14xxx/CVE-2017-14241.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14364.json b/2017/14xxx/CVE-2017-14364.json index 41b694fd59a..6dd595375b7 100644 --- a/2017/14xxx/CVE-2017-14364.json +++ b/2017/14xxx/CVE-2017-14364.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14364", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14364", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17592.json b/2017/17xxx/CVE-2017-17592.json index 318a6ae4809..0bf4d50c911 100644 --- a/2017/17xxx/CVE-2017-17592.json +++ b/2017/17xxx/CVE-2017-17592.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43238", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43238/" - }, - { - "name" : "https://packetstormsecurity.com/files/145248/Website-Auction-Marketplace-2.0.5-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145248/Website-Auction-Marketplace-2.0.5-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145248/Website-Auction-Marketplace-2.0.5-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145248/Website-Auction-Marketplace-2.0.5-SQL-Injection.html" + }, + { + "name": "43238", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43238/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17610.json b/2017/17xxx/CVE-2017-17610.json index 8eb90c72046..31777ee4994 100644 --- a/2017/17xxx/CVE-2017-17610.json +++ b/2017/17xxx/CVE-2017-17610.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43277", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43277/" - }, - { - "name" : "https://packetstormsecurity.com/files/145305/E-commerce-MLM-Software-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145305/E-commerce-MLM-Software-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145305/E-commerce-MLM-Software-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145305/E-commerce-MLM-Software-1.0-SQL-Injection.html" + }, + { + "name": "43277", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43277/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17883.json b/2017/17xxx/CVE-2017-17883.json index cb4587fe747..84c168a978c 100644 --- a/2017/17xxx/CVE-2017-17883.json +++ b/2017/17xxx/CVE-2017-17883.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/877", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/877", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/877" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17901.json b/2017/17xxx/CVE-2017-17901.json index d34a653eb00..64e4f872771 100644 --- a/2017/17xxx/CVE-2017-17901.json +++ b/2017/17xxx/CVE-2017-17901.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/145548/ZyXEL-P-660HW-TTL-Expiry-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145548/ZyXEL-P-660HW-TTL-Expiry-Denial-Of-Service.html" - }, - { - "name" : "https://www.zyxel.com/support/announcement_denial_of_service.shtml", - "refsource" : "CONFIRM", - "url" : "https://www.zyxel.com/support/announcement_denial_of_service.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zyxel.com/support/announcement_denial_of_service.shtml", + "refsource": "CONFIRM", + "url": "https://www.zyxel.com/support/announcement_denial_of_service.shtml" + }, + { + "name": "http://packetstormsecurity.com/files/145548/ZyXEL-P-660HW-TTL-Expiry-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145548/ZyXEL-P-660HW-TTL-Expiry-Denial-Of-Service.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17927.json b/2017/17xxx/CVE-2017-17927.json index d8f5d2c517e..3aa543ad5c9 100644 --- a/2017/17xxx/CVE-2017-17927.json +++ b/2017/17xxx/CVE-2017-17927.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9058.json b/2017/9xxx/CVE-2017-9058.json index 9bb4e875313..e045606865d 100644 --- a/2017/9xxx/CVE-2017-9058.json +++ b/2017/9xxx/CVE-2017-9058.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556" - }, - { - "name" : "USN-3667-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3667-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3667-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3667-1/" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9309.json b/2017/9xxx/CVE-2017-9309.json index f78f3a03360..1bd5090e4a3 100644 --- a/2017/9xxx/CVE-2017-9309.json +++ b/2017/9xxx/CVE-2017-9309.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9309", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9309", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9514.json b/2017/9xxx/CVE-2017-9514.json index d78dde15a75..87a54733abc 100644 --- a/2017/9xxx/CVE-2017-9514.json +++ b/2017/9xxx/CVE-2017-9514.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "ID" : "CVE-2017-9514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Bamboo", - "version" : { - "version_data" : [ - { - "version_value" : "from 6.0.0 before 6.0.5" - }, - { - "version_value" : "from 6.1.0 before 6.1.4" - }, - { - "version_value" : "from 6.2.0 before 6.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "ID": "CVE-2017-9514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bamboo", + "version": { + "version_data": [ + { + "version_value": "from 6.0.0 before 6.0.5" + }, + { + "version_value": "from 6.1.0 before 6.1.4" + }, + { + "version_value": "from 6.2.0 before 6.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2017-10-11-938843921.html", - "refsource" : "CONFIRM", - "url" : "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2017-10-11-938843921.html" - }, - { - "name" : "101269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2017-10-11-938843921.html", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2017-10-11-938843921.html" + }, + { + "name": "101269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101269" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9694.json b/2017/9xxx/CVE-2017-9694.json index 4e7f9e675ac..e29e3f04761 100644 --- a/2017/9xxx/CVE-2017-9694.json +++ b/2017/9xxx/CVE-2017-9694.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-26T00:00:00", - "ID" : "CVE-2017-9694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE in qcacld 2.0 before 2017-05-16, a buffer overread could occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-26T00:00:00", + "ID": "CVE-2017-9694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1e47d44de7bab5500d27f17ae5c4ebebc7d2b4ef", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1e47d44de7bab5500d27f17ae5c4ebebc7d2b4ef" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1" - }, - { - "name" : "100210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE in qcacld 2.0 before 2017-05-16, a buffer overread could occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1e47d44de7bab5500d27f17ae5c4ebebc7d2b4ef", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1e47d44de7bab5500d27f17ae5c4ebebc7d2b4ef" + }, + { + "name": "100210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100210" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9726.json b/2017/9xxx/CVE-2017-9726.json index a79ef504163..0d17c18b3d8 100644 --- a/2017/9xxx/CVE-2017-9726.json +++ b/2017/9xxx/CVE-2017-9726.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.ghostscript.com/show_bug.cgi?id=698055", - "refsource" : "CONFIRM", - "url" : "http://bugs.ghostscript.com/show_bug.cgi?id=698055" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b" - }, - { - "name" : "DSA-3986", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3986" - }, - { - "name" : "GLSA-201811-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-12" - }, - { - "name" : "99992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.ghostscript.com/show_bug.cgi?id=698055", + "refsource": "CONFIRM", + "url": "http://bugs.ghostscript.com/show_bug.cgi?id=698055" + }, + { + "name": "GLSA-201811-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-12" + }, + { + "name": "DSA-3986", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3986" + }, + { + "name": "99992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99992" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9932.json b/2017/9xxx/CVE-2017-9932.json index e5e134d969b..da5f3b34455 100644 --- a/2017/9xxx/CVE-2017-9932.json +++ b/2017/9xxx/CVE-2017-9932.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://iscouncil.blogspot.com/2017/07/authentication-bypass-in-green-packet.html", - "refsource" : "MISC", - "url" : "https://iscouncil.blogspot.com/2017/07/authentication-bypass-in-green-packet.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://iscouncil.blogspot.com/2017/07/authentication-bypass-in-green-packet.html", + "refsource": "MISC", + "url": "https://iscouncil.blogspot.com/2017/07/authentication-bypass-in-green-packet.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0302.json b/2018/0xxx/CVE-2018-0302.json index 97ffc9255d8..97f808f3544 100644 --- a/2018/0xxx/CVE-2018-0302.json +++ b/2018/0xxx/CVE-2018-0302.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco FXOS Software and UCS Fabric Interconnect unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco FXOS Software and UCS Fabric Interconnect unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco FXOS Software and UCS Fabric Interconnect unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco FXOS Software and UCS Fabric Interconnect unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-ace", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-ace" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-ace", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-ace" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0386.json b/2018/0xxx/CVE-2018-0386.json index f0a9a7fbeb5..97272b1c518 100644 --- a/2018/0xxx/CVE-2018-0386.json +++ b/2018/0xxx/CVE-2018-0386.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-08-15T00:00:00", - "ID" : "CVE-2018-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Unified Communications Domain Manager Software", - "version" : { - "version_data" : [ - { - "version_value" : "unspecified" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-08-15T00:00:00", + "ID": "CVE-2018-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Unified Communications Domain Manager Software", + "version": { + "version_data": [ + { + "version_value": "unspecified" + } + ] + } + } + ] + }, + "vendor_name": "Cisco Systems, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180815 Cisco Unified Communications Domain Manager Reflected Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-cucdm-xss" - }, - { - "name" : "105113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105113" - }, - { - "name" : "1041537", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180815 Cisco Unified Communications Domain Manager Reflected Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-cucdm-xss" + }, + { + "name": "105113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105113" + }, + { + "name": "1041537", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041537" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0624.json b/2018/0xxx/CVE-2018-0624.json index 7e3c8c93732..6c6d67832b0 100644 --- a/2018/0xxx/CVE-2018-0624.json +++ b/2018/0xxx/CVE-2018-0624.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Multiple Yayoi 17 Series products", - "version" : { - "version_data" : [ - { - "version_value" : "(Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "Yayoi Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Multiple Yayoi 17 Series products", + "version": { + "version_data": [ + { + "version_value": "(Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Yayoi Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#06813756", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN06813756/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#06813756", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN06813756/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0842.json b/2018/0xxx/CVE-2018-0842.json index a318ec4d902..4acac9c5cfc 100644 --- a/2018/0xxx/CVE-2018-0842.json +++ b/2018/0xxx/CVE-2018-0842.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2018-0842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka \"Windows Kernel Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Important" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2018-0842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0842", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0842" - }, - { - "name" : "102946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102946" - }, - { - "name" : "1040371", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka \"Windows Kernel Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Important" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102946" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0842", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0842" + }, + { + "name": "1040371", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040371" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0942.json b/2018/0xxx/CVE-2018-0942.json index 122db28ff9e..1b4d74f8baf 100644 --- a/2018/0xxx/CVE-2018-0942.json +++ b/2018/0xxx/CVE-2018-0942.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka \"Internet Explorer Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0942", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0942" - }, - { - "name" : "103312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103312" - }, - { - "name" : "1040510", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka \"Internet Explorer Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0942", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0942" + }, + { + "name": "1040510", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040510" + }, + { + "name": "103312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103312" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000825.json b/2018/1000xxx/CVE-2018-1000825.json index 2698322d942..d5ac6a3072d 100644 --- a/2018/1000xxx/CVE-2018-1000825.json +++ b/2018/1000xxx/CVE-2018-1000825.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.462752", - "DATE_REQUESTED" : "2018-10-28T03:51:06", - "ID" : "CVE-2018-1000825", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeCol", - "version" : { - "version_data" : [ - { - "version_value" : "<= nightly-2018-08-22" - } - ] - } - } - ] - }, - "vendor_name" : "FreeCol" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.462752", + "DATE_REQUESTED": "2018-10-28T03:51:06", + "ID": "CVE-2018-1000825", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/10/28/freecol-XXE/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/10/28/freecol-XXE/" - }, - { - "name" : "https://github.com/FreeCol/freecol/issues/26", - "refsource" : "MISC", - "url" : "https://github.com/FreeCol/freecol/issues/26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0dd.zone/2018/10/28/freecol-XXE/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/10/28/freecol-XXE/" + }, + { + "name": "https://github.com/FreeCol/freecol/issues/26", + "refsource": "MISC", + "url": "https://github.com/FreeCol/freecol/issues/26" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19023.json b/2018/19xxx/CVE-2018-19023.json index c1d9330ffb5..750eba66652 100644 --- a/2018/19xxx/CVE-2018-19023.json +++ b/2018/19xxx/CVE-2018-19023.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-01-03T00:00:00", - "ID" : "CVE-2018-19023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hetronic Nova-M", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version r161" - } - ] - } - } - ] - }, - "vendor_name" : "Hetronic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-01-03T00:00:00", + "ID": "CVE-2018-19023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hetronic Nova-M", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version r161" + } + ] + } + } + ] + }, + "vendor_name": "Hetronic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03" - }, - { - "name" : "106448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03" + }, + { + "name": "106448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106448" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19529.json b/2018/19xxx/CVE-2018-19529.json index eb20ac66f6d..dff92937482 100644 --- a/2018/19xxx/CVE-2018-19529.json +++ b/2018/19xxx/CVE-2018-19529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1145.json b/2018/1xxx/CVE-2018-1145.json index e848aa750ca..17dd4e50cf3 100644 --- a/2018/1xxx/CVE-2018-1145.json +++ b/2018/1xxx/CVE-2018-1145.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-04-16T00:00:00", - "ID" : "CVE-2018-1145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware 1.10.22?" - } - ] - } - } - ] - }, - "vendor_name" : "Belkin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-04-16T00:00:00", + "ID": "CVE-2018-1145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)", + "version": { + "version_data": [ + { + "version_value": "Firmware 1.10.22?" + } + ] + } + } + ] + }, + "vendor_name": "Belkin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-08", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-08" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-08", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-08" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1440.json b/2018/1xxx/CVE-2018-1440.json index 21bc587abf5..c5a73f88d52 100644 --- a/2018/1xxx/CVE-2018-1440.json +++ b/2018/1xxx/CVE-2018-1440.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-1440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "5.01" - }, - { - "version_value" : "5.02" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139595." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-1440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "5.01" + }, + { + "version_value": "5.02" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078" - }, - { - "name" : "ibm-rqm-cve20181440-xss(139595)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139595." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733078", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733078" + }, + { + "name": "ibm-rqm-cve20181440-xss(139595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139595" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1809.json b/2018/1xxx/CVE-2018-1809.json index 56a4f6c1000..677cfd7f891 100644 --- a/2018/1xxx/CVE-2018-1809.json +++ b/2018/1xxx/CVE-2018-1809.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1809", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1809", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4462.json b/2018/4xxx/CVE-2018-4462.json index a9f4045c7a2..5ddd2e903bd 100644 --- a/2018/4xxx/CVE-2018-4462.json +++ b/2018/4xxx/CVE-2018-4462.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4462", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4462", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4463.json b/2018/4xxx/CVE-2018-4463.json index 2451eeb5eee..7ccc59156c5 100644 --- a/2018/4xxx/CVE-2018-4463.json +++ b/2018/4xxx/CVE-2018-4463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file