From 6b5ad20ecfc5f379e9dfbfa7ca4595610a63a525 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:41:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0165.json | 180 ++++++++++----------- 2008/0xxx/CVE-2008-0443.json | 160 +++++++++--------- 2008/0xxx/CVE-2008-0586.json | 280 ++++++++++++++++---------------- 2008/0xxx/CVE-2008-0587.json | 200 +++++++++++------------ 2008/0xxx/CVE-2008-0927.json | 190 +++++++++++----------- 2008/1xxx/CVE-2008-1268.json | 150 ++++++++--------- 2008/1xxx/CVE-2008-1834.json | 160 +++++++++--------- 2008/4xxx/CVE-2008-4260.json | 160 +++++++++--------- 2008/5xxx/CVE-2008-5707.json | 130 +++++++-------- 2008/5xxx/CVE-2008-5850.json | 34 ++-- 2008/5xxx/CVE-2008-5871.json | 170 +++++++++---------- 2008/5xxx/CVE-2008-5909.json | 140 ++++++++-------- 2008/5xxx/CVE-2008-5917.json | 170 +++++++++---------- 2013/0xxx/CVE-2013-0079.json | 160 +++++++++--------- 2013/0xxx/CVE-2013-0947.json | 120 +++++++------- 2013/3xxx/CVE-2013-3122.json | 140 ++++++++-------- 2013/3xxx/CVE-2013-3490.json | 34 ++-- 2013/3xxx/CVE-2013-3632.json | 160 +++++++++--------- 2013/4xxx/CVE-2013-4169.json | 140 ++++++++-------- 2013/4xxx/CVE-2013-4290.json | 150 ++++++++--------- 2013/4xxx/CVE-2013-4355.json | 190 +++++++++++----------- 2013/4xxx/CVE-2013-4464.json | 34 ++-- 2013/4xxx/CVE-2013-4677.json | 140 ++++++++-------- 2013/6xxx/CVE-2013-6377.json | 34 ++-- 2013/6xxx/CVE-2013-6507.json | 34 ++-- 2013/6xxx/CVE-2013-6572.json | 34 ++-- 2013/7xxx/CVE-2013-7016.json | 170 +++++++++---------- 2013/7xxx/CVE-2013-7253.json | 34 ++-- 2017/10xxx/CVE-2017-10018.json | 142 ++++++++-------- 2017/10xxx/CVE-2017-10107.json | 288 ++++++++++++++++----------------- 2017/10xxx/CVE-2017-10335.json | 150 ++++++++--------- 2017/12xxx/CVE-2017-12294.json | 140 ++++++++-------- 2017/12xxx/CVE-2017-12300.json | 130 +++++++-------- 2017/12xxx/CVE-2017-12427.json | 140 ++++++++-------- 2017/12xxx/CVE-2017-12458.json | 120 +++++++------- 2017/13xxx/CVE-2017-13215.json | 162 +++++++++---------- 2017/13xxx/CVE-2017-13359.json | 34 ++-- 2017/13xxx/CVE-2017-13362.json | 34 ++-- 2017/13xxx/CVE-2017-13480.json | 34 ++-- 2017/13xxx/CVE-2017-13687.json | 190 +++++++++++----------- 2017/17xxx/CVE-2017-17002.json | 34 ++-- 2017/17xxx/CVE-2017-17711.json | 34 ++-- 2017/17xxx/CVE-2017-17755.json | 34 ++-- 2018/0xxx/CVE-2018-0181.json | 180 ++++++++++----------- 2018/0xxx/CVE-2018-0368.json | 130 +++++++-------- 2018/0xxx/CVE-2018-0806.json | 142 ++++++++-------- 2018/18xxx/CVE-2018-18176.json | 34 ++-- 2018/18xxx/CVE-2018-18386.json | 170 +++++++++---------- 2018/18xxx/CVE-2018-18433.json | 130 +++++++-------- 2018/18xxx/CVE-2018-18456.json | 130 +++++++-------- 2018/19xxx/CVE-2018-19038.json | 34 ++-- 2018/19xxx/CVE-2018-19265.json | 34 ++-- 2018/19xxx/CVE-2018-19600.json | 130 +++++++-------- 2018/1xxx/CVE-2018-1010.json | 140 ++++++++-------- 2018/1xxx/CVE-2018-1027.json | 190 +++++++++++----------- 2018/1xxx/CVE-2018-1366.json | 162 +++++++++---------- 2018/1xxx/CVE-2018-1515.json | 188 ++++++++++----------- 2018/5xxx/CVE-2018-5728.json | 120 +++++++------- 58 files changed, 3639 insertions(+), 3639 deletions(-) diff --git a/2008/0xxx/CVE-2008-0165.json b/2008/0xxx/CVE-2008-0165.json index 0e2ddfc9c4d..339504ed01f 100644 --- a/2008/0xxx/CVE-2008-0165.json +++ b/2008/0xxx/CVE-2008-0165.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445" - }, - { - "name" : "http://ikiwiki.info/security/#index31h2", - "refsource" : "CONFIRM", - "url" : "http://ikiwiki.info/security/#index31h2" - }, - { - "name" : "DSA-1553", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1553" - }, - { - "name" : "ADV-2008-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1297/references" - }, - { - "name" : "29907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29907" - }, - { - "name" : "29932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29932" - }, - { - "name" : "ikiwiki-change-password-csrf(41904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1553", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1553" + }, + { + "name": "29907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29907" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445" + }, + { + "name": "29932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29932" + }, + { + "name": "ADV-2008-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1297/references" + }, + { + "name": "http://ikiwiki.info/security/#index31h2", + "refsource": "CONFIRM", + "url": "http://ikiwiki.info/security/#index31h2" + }, + { + "name": "ikiwiki-change-password-csrf(41904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0443.json b/2008/0xxx/CVE-2008-0443.json index 2d7e10d15e3..6281d7bf9d4 100644 --- a/2008/0xxx/CVE-2008-0443.json +++ b/2008/0xxx/CVE-2008-0443.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4967", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4967" - }, - { - "name" : "27411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27411" - }, - { - "name" : "ADV-2008-0253", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0253" - }, - { - "name" : "28599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28599" - }, - { - "name" : "lycosfileuploader-fileuploader-activex-bo(39849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4967", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4967" + }, + { + "name": "27411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27411" + }, + { + "name": "lycosfileuploader-fileuploader-activex-bo(39849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39849" + }, + { + "name": "ADV-2008-0253", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0253" + }, + { + "name": "28599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28599" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0586.json b/2008/0xxx/CVE-2008-0586.json index 40ffe59f4ab..acf2a7d2f41 100644 --- a/2008/0xxx/CVE-2008-0586.json +++ b/2008/0xxx/CVE-2008-0586.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4068", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4068" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc" - }, - { - "name" : "IY98331", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IY98331" - }, - { - "name" : "IY98340", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IY98340" - }, - { - "name" : "IY99537", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IY99537" - }, - { - "name" : "IZ00559", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ00559" - }, - { - "name" : "IZ10828", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ10828" - }, - { - "name" : "IY98448", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98448" - }, - { - "name" : "IY98450", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98450" - }, - { - "name" : "27431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27431" - }, - { - "name" : "40427", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40427" - }, - { - "name" : "40428", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40428" - }, - { - "name" : "40429", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40429" - }, - { - "name" : "oval:org.mitre.oval:def:5704", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5704" - }, - { - "name" : "ADV-2008-0261", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0261" - }, - { - "name" : "28609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28609" - }, - { - "name" : "aix-lvm-commands-bo(39907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28609" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4068", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4068" + }, + { + "name": "aix-lvm-commands-bo(39907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39907" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc" + }, + { + "name": "40428", + "refsource": "OSVDB", + "url": "http://osvdb.org/40428" + }, + { + "name": "40429", + "refsource": "OSVDB", + "url": "http://osvdb.org/40429" + }, + { + "name": "IY98448", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98448" + }, + { + "name": "IY98340", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IY98340" + }, + { + "name": "IY98331", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IY98331" + }, + { + "name": "IZ00559", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ00559" + }, + { + "name": "27431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27431" + }, + { + "name": "40427", + "refsource": "OSVDB", + "url": "http://osvdb.org/40427" + }, + { + "name": "ADV-2008-0261", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0261" + }, + { + "name": "IZ10828", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ10828" + }, + { + "name": "IY99537", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IY99537" + }, + { + "name": "oval:org.mitre.oval:def:5704", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5704" + }, + { + "name": "IY98450", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98450" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0587.json b/2008/0xxx/CVE-2008-0587.json index d954881cb37..0c56be64b41 100644 --- a/2008/0xxx/CVE-2008-0587.json +++ b/2008/0xxx/CVE-2008-0587.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4072", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4072" - }, - { - "name" : "IZ06261", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ06261" - }, - { - "name" : "IZ06489", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ06489" - }, - { - "name" : "IZ06621", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ06621" - }, - { - "name" : "27429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27429" - }, - { - "name" : "oval:org.mitre.oval:def:5686", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5686" - }, - { - "name" : "ADV-2008-0261", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0261" - }, - { - "name" : "28609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28609" - }, - { - "name" : "aix-uspchrp-bo(39910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28609" + }, + { + "name": "IZ06261", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06261" + }, + { + "name": "IZ06621", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06621" + }, + { + "name": "27429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27429" + }, + { + "name": "IZ06489", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06489" + }, + { + "name": "aix-uspchrp-bo(39910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39910" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4072", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4072" + }, + { + "name": "ADV-2008-0261", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0261" + }, + { + "name": "oval:org.mitre.oval:def:5686", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5686" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0927.json b/2008/0xxx/CVE-2008-0927.json index ff268b1c020..503ddf06bed 100644 --- a/2008/0xxx/CVE-2008-0927.json +++ b/2008/0xxx/CVE-2008-0927.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080505 Novell eDirectory DoS via HTTP headers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491622/100/0/threaded" - }, - { - "name" : "5547", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5547" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1" - }, - { - "name" : "28757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28757" - }, - { - "name" : "ADV-2008-1217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1217/references" - }, - { - "name" : "1019836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019836" - }, - { - "name" : "29805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29805" - }, - { - "name" : "novell-edirectory-dhost-dos(41787)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080505 Novell eDirectory DoS via HTTP headers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491622/100/0/threaded" + }, + { + "name": "1019836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019836" + }, + { + "name": "29805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29805" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1" + }, + { + "name": "ADV-2008-1217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1217/references" + }, + { + "name": "novell-edirectory-dhost-dos(41787)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41787" + }, + { + "name": "28757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28757" + }, + { + "name": "5547", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5547" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1268.json b/2008/1xxx/CVE-2008-1268.json index f15347de1d2..877f77ab8cd 100644 --- a/2008/1xxx/CVE-2008-1268.json +++ b/2008/1xxx/CVE-2008-1268.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://swbae.egloos.com/1701135", - "refsource" : "MISC", - "url" : "http://swbae.egloos.com/1701135" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "linksys-wrt54g-ftp-security-bypass(41119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "http://swbae.egloos.com/1701135", + "refsource": "MISC", + "url": "http://swbae.egloos.com/1701135" + }, + { + "name": "linksys-wrt54g-ftp-security-bypass(41119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41119" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1834.json b/2008/1xxx/CVE-2008-1834.json index ee84b2e0097..4e2c9e9951a 100644 --- a/2008/1xxx/CVE-2008-1834.json +++ b/2008/1xxx/CVE-2008-1834.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Swfdec] 20080409 Swfdec 0.6.4 released", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html" - }, - { - "name" : "http://gitweb.freedesktop.org/?p=swfdec/swfdec.git;a=commit;h=326ee4ff631ecc11605f1251e1923a94561a3823", - "refsource" : "CONFIRM", - "url" : "http://gitweb.freedesktop.org/?p=swfdec/swfdec.git;a=commit;h=326ee4ff631ecc11605f1251e1923a94561a3823" - }, - { - "name" : "28881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28881" - }, - { - "name" : "29915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29915" - }, - { - "name" : "swfdec-swfdecloadobject-info-disclosure(41887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28881" + }, + { + "name": "swfdec-swfdecloadobject-info-disclosure(41887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41887" + }, + { + "name": "http://gitweb.freedesktop.org/?p=swfdec/swfdec.git;a=commit;h=326ee4ff631ecc11605f1251e1923a94561a3823", + "refsource": "CONFIRM", + "url": "http://gitweb.freedesktop.org/?p=swfdec/swfdec.git;a=commit;h=326ee4ff631ecc11605f1251e1923a94561a3823" + }, + { + "name": "29915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29915" + }, + { + "name": "[Swfdec] 20080409 Swfdec 0.6.4 released", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4260.json b/2008/4xxx/CVE-2008-4260.json index 291df608863..8de55e0b753 100644 --- a/2008/4xxx/CVE-2008-4260.json +++ b/2008/4xxx/CVE-2008-4260.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-4260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS08-073", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-073" - }, - { - "name" : "TA08-344A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" - }, - { - "name" : "oval:org.mitre.oval:def:5903", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5903" - }, - { - "name" : "ADV-2008-3385", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3385" - }, - { - "name" : "1021371", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3385", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3385" + }, + { + "name": "1021371", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021371" + }, + { + "name": "TA08-344A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" + }, + { + "name": "oval:org.mitre.oval:def:5903", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5903" + }, + { + "name": "MS08-073", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-073" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5707.json b/2008/5xxx/CVE-2008-5707.json index 75a8a7282a6..81e4cc481cb 100644 --- a/2008/5xxx/CVE-2008-5707.json +++ b/2008/5xxx/CVE-2008-5707.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081011 Iltaweb Alisveris Sistemi (tr) Sql inj", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497279/100/0/threaded" - }, - { - "name" : "31740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081011 Iltaweb Alisveris Sistemi (tr) Sql inj", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497279/100/0/threaded" + }, + { + "name": "31740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31740" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5850.json b/2008/5xxx/CVE-2008-5850.json index 1f10775e961..467bd9abfb7 100644 --- a/2008/5xxx/CVE-2008-5850.json +++ b/2008/5xxx/CVE-2008-5850.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5850", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was originally recorded for a \"SPLAT Remote Root Exploit\" that was claimed to exist for Check Point SmartCenter. The claim has no actionable details and was disclosed by a person of unknown reliability who did not coordinate with the vendor. No people of known reliability have confirmed the original claim. The vendor has not indicated that they are aware of any vulnerability. Since the claim has no actionable details or independent verification, it is outside the scope of CVE according to current inclusion criteria." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5850", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was originally recorded for a \"SPLAT Remote Root Exploit\" that was claimed to exist for Check Point SmartCenter. The claim has no actionable details and was disclosed by a person of unknown reliability who did not coordinate with the vendor. No people of known reliability have confirmed the original claim. The vendor has not indicated that they are aware of any vulnerability. Since the claim has no actionable details or independent verification, it is outside the scope of CVE according to current inclusion criteria." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5871.json b/2008/5xxx/CVE-2008-5871.json index 8fd3855a3d4..81269d6705d 100644 --- a/2008/5xxx/CVE-2008-5871.json +++ b/2008/5xxx/CVE-2008-5871.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://voipshield.com/research-details.php?id=119", - "refsource" : "MISC", - "url" : "http://voipshield.com/research-details.php?id=119" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223" - }, - { - "name" : "31640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31640" - }, - { - "name" : "ADV-2008-2779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2779" - }, - { - "name" : "32203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32203" - }, - { - "name" : "nortel-mcs-snoop-weak-security(45752)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://voipshield.com/research-details.php?id=119", + "refsource": "MISC", + "url": "http://voipshield.com/research-details.php?id=119" + }, + { + "name": "31640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31640" + }, + { + "name": "32203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32203" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223" + }, + { + "name": "nortel-mcs-snoop-weak-security(45752)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45752" + }, + { + "name": "ADV-2008-2779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2779" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5909.json b/2008/5xxx/CVE-2008-5909.json index aea1538a4be..8fdad00c73c 100644 --- a/2008/5xxx/CVE-2008-5909.json +++ b/2008/5xxx/CVE-2008-5909.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown impact and local attack vectors, related to improper handling of temporary files, aka Bug ID 6655641." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://opensolaris.org/os/bug_reports/request_sponsor/", - "refsource" : "MISC", - "url" : "http://opensolaris.org/os/bug_reports/request_sponsor/" - }, - { - "name" : "33396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33396" - }, - { - "name" : "opensolaris-convlpd-unspecified(48148)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown impact and local attack vectors, related to improper handling of temporary files, aka Bug ID 6655641." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://opensolaris.org/os/bug_reports/request_sponsor/", + "refsource": "MISC", + "url": "http://opensolaris.org/os/bug_reports/request_sponsor/" + }, + { + "name": "opensolaris-convlpd-unspecified(48148)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48148" + }, + { + "name": "33396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33396" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5917.json b/2008/5xxx/CVE-2008-5917.json index 9ba0ef5e439..731a2300db5 100644 --- a/2008/5xxx/CVE-2008-5917.json +++ b/2008/5xxx/CVE-2008-5917.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] Horde 3.2.3 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000462.html" - }, - { - "name" : "[announce] Horde 3.3.1 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000464.html" - }, - { - "name" : "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - }, - { - "name" : "34609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18" + }, + { + "name": "[announce] Horde 3.2.3 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000462.html" + }, + { + "name": "34609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34609" + }, + { + "name": "[announce] Horde 3.3.1 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000464.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0079.json b/2013/0xxx/CVE-2013-0079.json index a73d9ca0cbb..8ac714d55fb 100644 --- a/2013/0xxx/CVE-2013-0079.json +++ b/2013/0xxx/CVE-2013-0079.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka \"Visio Viewer Tree Object Type Confusion Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130312 Microsoft Office Visio Viewer ActiveX Type Confusion Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024" - }, - { - "name" : "MS13-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023" - }, - { - "name" : "TA13-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" - }, - { - "name" : "VU#851777", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/851777" - }, - { - "name" : "oval:org.mitre.oval:def:16300", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka \"Visio Viewer Tree Object Type Confusion Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#851777", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/851777" + }, + { + "name": "MS13-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-023" + }, + { + "name": "TA13-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A" + }, + { + "name": "oval:org.mitre.oval:def:16300", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16300" + }, + { + "name": "20130312 Microsoft Office Visio Viewer ActiveX Type Confusion Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1024" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0947.json b/2013/0xxx/CVE-2013-0947.json index c4c648850dc..1b16145df78 100644 --- a/2013/0xxx/CVE-2013-0947.json +++ b/2013/0xxx/CVE-2013-0947.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-0947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130528 ESA-2013-040: RSA Authentication Manager 8.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-05/0115.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130528 ESA-2013-040: RSA Authentication Manager 8.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0115.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3122.json b/2013/3xxx/CVE-2013-3122.json index 6640dc7f736..47499476b69 100644 --- a/2013/3xxx/CVE-2013-3122.json +++ b/2013/3xxx/CVE-2013-3122.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3117 and CVE-2013-3124." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047" - }, - { - "name" : "TA13-168A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A" - }, - { - "name" : "oval:org.mitre.oval:def:16352", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3117 and CVE-2013-3124." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16352", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16352" + }, + { + "name": "TA13-168A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A" + }, + { + "name": "MS13-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3490.json b/2013/3xxx/CVE-2013-3490.json index 0a33758c33a..92becd76b5c 100644 --- a/2013/3xxx/CVE-2013-3490.json +++ b/2013/3xxx/CVE-2013-3490.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3490", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3490", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3632.json b/2013/3xxx/CVE-2013-3632.json index 37c75a3f0bc..c8048e38ab5 100644 --- a/2013/3xxx/CVE-2013-3632.json +++ b/2013/3xxx/CVE-2013-3632.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "29323", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/29323" - }, - { - "name" : "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one" - }, - { - "name" : "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats" - }, - { - "name" : "62873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62873" - }, - { - "name" : "99143", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62873" + }, + { + "name": "29323", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/29323" + }, + { + "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats" + }, + { + "name": "99143", + "refsource": "OSVDB", + "url": "http://osvdb.org/99143" + }, + { + "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4169.json b/2013/4xxx/CVE-2013-4169.json index 47bdfa9db51..1f46f3a5839 100644 --- a/2013/4xxx/CVE-2013-4169.json +++ b/2013/4xxx/CVE-2013-4169.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498" - }, - { - "name" : "RHSA-2013:1213", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1213.html" - }, - { - "name" : "54661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498" + }, + { + "name": "54661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54661" + }, + { + "name": "RHSA-2013:1213", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1213.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4290.json b/2013/4xxx/CVE-2013-4290.json index c889c39e98f..35ca56c0847 100644 --- a/2013/4xxx/CVE-2013-4290.json +++ b/2013/4xxx/CVE-2013-4290.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140911 [seth.arnold () canonical com: CVE Requests openjpeg]", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q3/593" - }, - { - "name" : "http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS", - "refsource" : "CONFIRM", - "url" : "http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS" - }, - { - "name" : "62362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62362" - }, - { - "name" : "57285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57285" + }, + { + "name": "http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS", + "refsource": "CONFIRM", + "url": "http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS" + }, + { + "name": "62362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62362" + }, + { + "name": "[oss-security] 20140911 [seth.arnold () canonical com: CVE Requests openjpeg]", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q3/593" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4355.json b/2013/4xxx/CVE-2013-4355.json index 9739bfff173..748ec7f0e49 100644 --- a/2013/4xxx/CVE-2013-4355.json +++ b/2013/4xxx/CVE-2013-4355.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130930 Xen Security Advisory 63 (CVE-2013-4355) - Information leaks through I/O instruction emulation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/30/1" - }, - { - "name" : "DSA-3006", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3006" - }, - { - "name" : "GLSA-201407-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml" - }, - { - "name" : "RHSA-2013:1790", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1790.html" - }, - { - "name" : "openSUSE-SU-2013:1636", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html" - }, - { - "name" : "SUSE-SU-2014:0411", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "SUSE-SU-2014:0470", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2014:0470", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" + }, + { + "name": "[oss-security] 20130930 Xen Security Advisory 63 (CVE-2013-4355) - Information leaks through I/O instruction emulation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/30/1" + }, + { + "name": "GLSA-201407-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml" + }, + { + "name": "RHSA-2013:1790", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1790.html" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "DSA-3006", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3006" + }, + { + "name": "SUSE-SU-2014:0411", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" + }, + { + "name": "openSUSE-SU-2013:1636", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4464.json b/2013/4xxx/CVE-2013-4464.json index 55921ea6dd2..d210e082137 100644 --- a/2013/4xxx/CVE-2013-4464.json +++ b/2013/4xxx/CVE-2013-4464.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4464", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4464", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4677.json b/2013/4xxx/CVE-2013-4677.json index d532169b186..85bb6d6411f 100644 --- a/2013/4xxx/CVE-2013-4677.json +++ b/2013/4xxx/CVE-2013-4677.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-4677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00" - }, - { - "name" : "61487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61487" - }, - { - "name" : "95939", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00" + }, + { + "name": "95939", + "refsource": "OSVDB", + "url": "http://osvdb.org/95939" + }, + { + "name": "61487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61487" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6377.json b/2013/6xxx/CVE-2013-6377.json index 42aed214211..4de900bb194 100644 --- a/2013/6xxx/CVE-2013-6377.json +++ b/2013/6xxx/CVE-2013-6377.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6377", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6377", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6507.json b/2013/6xxx/CVE-2013-6507.json index b7f692d0a3c..e56d187ca23 100644 --- a/2013/6xxx/CVE-2013-6507.json +++ b/2013/6xxx/CVE-2013-6507.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6507", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6507", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6572.json b/2013/6xxx/CVE-2013-6572.json index 7f93a7c0560..f32c77b727e 100644 --- a/2013/6xxx/CVE-2013-6572.json +++ b/2013/6xxx/CVE-2013-6572.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6572", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6572", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7016.json b/2013/7xxx/CVE-2013-7016.json index 578d1b0814b..7215f189a47 100644 --- a/2013/7xxx/CVE-2013-7016.json +++ b/2013/7xxx/CVE-2013-7016.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/11/26/7" - }, - { - "name" : "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/12/08/3" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f" - }, - { - "name" : "https://trac.ffmpeg.org/ticket/2848", - "refsource" : "CONFIRM", - "url" : "https://trac.ffmpeg.org/ticket/2848" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "https://trac.ffmpeg.org/ticket/2848", + "refsource": "CONFIRM", + "url": "https://trac.ffmpeg.org/ticket/2848" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/12/08/3" + }, + { + "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/11/26/7" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7253.json b/2013/7xxx/CVE-2013-7253.json index 889b7cdf4c4..68509e9c926 100644 --- a/2013/7xxx/CVE-2013-7253.json +++ b/2013/7xxx/CVE-2013-7253.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10018.json b/2017/10xxx/CVE-2017-10018.json index e3b3fad6d8e..c4586ad305d 100644 --- a/2017/10xxx/CVE-2017-10018.json +++ b/2017/10xxx/CVE-2017-10018.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise SCM Strategic Sourcing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FSCM accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise SCM Strategic Sourcing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99811" - }, - { - "name" : "1038932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FSCM accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99811" + }, + { + "name": "1038932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038932" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10107.json b/2017/10xxx/CVE-2017-10107.json index 6da7ed068db..4af3ad50ff4 100644 --- a/2017/10xxx/CVE-2017-10107.json +++ b/2017/10xxx/CVE-2017-10107.json @@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u151" - }, - { - "version_affected" : "=", - "version_value" : "7u141" - }, - { - "version_affected" : "=", - "version_value" : "8u131; Java SE Embedded: 8u131" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u151" + }, + { + "version_affected": "=", + "version_value": "7u141" + }, + { + "version_affected": "=", + "version_value": "8u131; Java SE Embedded: 8u131" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170720-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170720-0001/" - }, - { - "name" : "DSA-3919", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3919" - }, - { - "name" : "DSA-3954", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3954" - }, - { - "name" : "GLSA-201709-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-22" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "RHSA-2017:1789", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1789" - }, - { - "name" : "RHSA-2017:1790", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1790" - }, - { - "name" : "RHSA-2017:1791", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1791" - }, - { - "name" : "RHSA-2017:1792", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1792" - }, - { - "name" : "RHSA-2017:2424", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2424" - }, - { - "name" : "RHSA-2017:2469", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2469" - }, - { - "name" : "RHSA-2017:2481", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2481" - }, - { - "name" : "RHSA-2017:2530", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2530" - }, - { - "name" : "99719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99719" - }, - { - "name" : "1038931", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1791", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1791" + }, + { + "name": "RHSA-2017:1790", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1790" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" + }, + { + "name": "RHSA-2017:1789", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1789" + }, + { + "name": "RHSA-2017:2424", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2424" + }, + { + "name": "1038931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038931" + }, + { + "name": "RHSA-2017:1792", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1792" + }, + { + "name": "GLSA-201709-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-22" + }, + { + "name": "DSA-3919", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3919" + }, + { + "name": "RHSA-2017:2481", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2481" + }, + { + "name": "RHSA-2017:2530", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2530" + }, + { + "name": "99719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99719" + }, + { + "name": "RHSA-2017:3453", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3453" + }, + { + "name": "RHSA-2017:2469", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2469" + }, + { + "name": "DSA-3954", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3954" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10335.json b/2017/10xxx/CVE-2017-10335.json index 0a74d100552..5a99e277a36 100644 --- a/2017/10xxx/CVE-2017-10335.json +++ b/2017/10xxx/CVE-2017-10335.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101458" - }, - { - "name" : "1039598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039598" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101458" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12294.json b/2017/12xxx/CVE-2017-12294.json index 3a409834239..08ea0c28ac7 100644 --- a/2017/12xxx/CVE-2017-12294.json +++ b/2017/12xxx/CVE-2017-12294.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx Meetings Server", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx Meetings Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf85562." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx Meetings Server", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx Meetings Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1" - }, - { - "name" : "101654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101654" - }, - { - "name" : "1039721", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf85562." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1" + }, + { + "name": "101654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101654" + }, + { + "name": "1039721", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039721" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12300.json b/2017/12xxx/CVE-2017-12300.json index 557cf723c8f..8ff0affedc2 100644 --- a/2017/12xxx/CVE-2017-12300.json +++ b/2017/12xxx/CVE-2017-12300.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower System Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower System Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the attacker to bypass filters that are configured to block SMB2 traffic. Cisco Bug IDs: CSCve58398." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower System Software", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower System Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower2", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower2" - }, - { - "name" : "101862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the attacker to bypass filters that are configured to block SMB2 traffic. Cisco Bug IDs: CSCve58398." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101862" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower2", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower2" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12427.json b/2017/12xxx/CVE-2017-12427.json index 9dea72050eb..92e411022de 100644 --- a/2017/12xxx/CVE-2017-12427.json +++ b/2017/12xxx/CVE-2017-12427.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/636", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/636" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/636", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/636" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12458.json b/2017/12xxx/CVE-2017-12458.json index e5a651766dd..8bbc507378d 100644 --- a/2017/12xxx/CVE-2017-12458.json +++ b/2017/12xxx/CVE-2017-12458.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21840", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21840", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13215.json b/2017/13xxx/CVE-2017-13215.json index a58326f1e89..9a45b913d97 100644 --- a/2017/13xxx/CVE-2017-13215.json +++ b/2017/13xxx/CVE-2017-13215.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "RHSA-2018:2384", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2384" - }, - { - "name" : "RHSA-2018:2395", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2395" - }, - { - "name" : "102390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102390" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102390" + }, + { + "name": "RHSA-2018:2395", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2395" + }, + { + "name": "RHSA-2018:2384", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2384" + }, + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13359.json b/2017/13xxx/CVE-2017-13359.json index c99383bad75..82cf9d453b8 100644 --- a/2017/13xxx/CVE-2017-13359.json +++ b/2017/13xxx/CVE-2017-13359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13359", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13359", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13362.json b/2017/13xxx/CVE-2017-13362.json index f4411230796..452e1913b5b 100644 --- a/2017/13xxx/CVE-2017-13362.json +++ b/2017/13xxx/CVE-2017-13362.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13362", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13362", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13480.json b/2017/13xxx/CVE-2017-13480.json index 90a72da6bfe..961ca83b991 100644 --- a/2017/13xxx/CVE-2017-13480.json +++ b/2017/13xxx/CVE-2017-13480.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13480", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13480", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13687.json b/2017/13xxx/CVE-2017-13687.json index 3bf0820f7fe..124629363b4 100644 --- a/2017/13xxx/CVE-2017-13687.json +++ b/2017/13xxx/CVE-2017-13687.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/866c60236c41cea1e1654c8a071897292f64be49", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/866c60236c41cea1e1654c8a071897292f64be49" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/a1eefe986065846b6c69dbc09afd9fa1a02c4a3d", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/a1eefe986065846b6c69dbc09afd9fa1a02c4a3d" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/a1eefe986065846b6c69dbc09afd9fa1a02c4a3d", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/a1eefe986065846b6c69dbc09afd9fa1a02c4a3d" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/866c60236c41cea1e1654c8a071897292f64be49", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/866c60236c41cea1e1654c8a071897292f64be49" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17002.json b/2017/17xxx/CVE-2017-17002.json index f07e10e6195..d0ff430f675 100644 --- a/2017/17xxx/CVE-2017-17002.json +++ b/2017/17xxx/CVE-2017-17002.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17002", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17002", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17711.json b/2017/17xxx/CVE-2017-17711.json index 97479f9bcb7..29350c9e4e9 100644 --- a/2017/17xxx/CVE-2017-17711.json +++ b/2017/17xxx/CVE-2017-17711.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17711", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17711", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17755.json b/2017/17xxx/CVE-2017-17755.json index 25850cfcdb2..9b18a1ccdce 100644 --- a/2017/17xxx/CVE-2017-17755.json +++ b/2017/17xxx/CVE-2017-17755.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17755", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17755", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0181.json b/2018/0xxx/CVE-2018-0181.json index 5f897fe137a..c20a2e33e53 100644 --- a/2018/0xxx/CVE-2018-0181.json +++ b/2018/0xxx/CVE-2018-0181.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-09T16:00:00-0800", - "ID" : "CVE-2018-0181", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Policy Suite (CPS) Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "7.3", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-09T16:00:00-0800", + "ID": "CVE-2018-0181", + "STATE": "PUBLIC", + "TITLE": "Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Policy Suite (CPS) Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190109 Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cps-redis" - }, - { - "name" : "106547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106547" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190109-cps-redis", - "defect" : [ - [ - "CSCvf08748", - "CSCvk64527" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190109 Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cps-redis" + }, + { + "name": "106547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106547" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190109-cps-redis", + "defect": [ + [ + "CSCvf08748", + "CSCvk64527" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0368.json b/2018/0xxx/CVE-2018-0368.json index d060548b829..41a8edfc2c6 100644 --- a/2018/0xxx/CVE-2018-0368.json +++ b/2018/0xxx/CVE-2018-0368.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Digital Network Architecture Center unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Digital Network Architecture Center unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected device. Cisco Bug IDs: CSCvi22400." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Digital Network Architecture Center unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Digital Network Architecture Center unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-dnac-id", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-dnac-id" - }, - { - "name" : "104729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected device. Cisco Bug IDs: CSCvi22400." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-dnac-id", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-dnac-id" + }, + { + "name": "104729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104729" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0806.json b/2018/0xxx/CVE-2018-0806.json index fd38577bc44..3f181e03b7d 100644 --- a/2018/0xxx/CVE-2018-0806.json +++ b/2018/0xxx/CVE-2018-0806.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2018-0806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Equation Editor", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2018-0806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Equation Editor", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806" - }, - { - "name" : "102460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102460" - }, - { - "name" : "1040153", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806" + }, + { + "name": "1040153", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040153" + }, + { + "name": "102460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102460" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18176.json b/2018/18xxx/CVE-2018-18176.json index 8c415e0e405..81c1562c40f 100644 --- a/2018/18xxx/CVE-2018-18176.json +++ b/2018/18xxx/CVE-2018-18176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18176", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18176", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18386.json b/2018/18xxx/CVE-2018-18386.json index 48f97e981c2..060ba5b45b9 100644 --- a/2018/18xxx/CVE-2018-18386.json +++ b/2018/18xxx/CVE-2018-18386.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1094825", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1094825" - }, - { - "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11", - "refsource" : "MISC", - "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11" - }, - { - "name" : "https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348" - }, - { - "name" : "USN-3849-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3849-2/" - }, - { - "name" : "USN-3849-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3849-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3849-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3849-1/" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1094825", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1094825" + }, + { + "name": "USN-3849-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3849-2/" + }, + { + "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11", + "refsource": "MISC", + "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11" + }, + { + "name": "https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18433.json b/2018/18xxx/CVE-2018-18433.json index bbe643ad08a..8474c6ad635 100644 --- a/2018/18xxx/CVE-2018-18433.json +++ b/2018/18xxx/CVE-2018-18433.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss3", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss3" - }, - { - "name" : "https://www.patec.cn/newsshow.php?cid=24&id=134", - "refsource" : "MISC", - "url" : "https://www.patec.cn/newsshow.php?cid=24&id=134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss3", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss3" + }, + { + "name": "https://www.patec.cn/newsshow.php?cid=24&id=134", + "refsource": "MISC", + "url": "https://www.patec.cn/newsshow.php?cid=24&id=134" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18456.json b/2018/18xxx/CVE-2018-18456.json index fd139d13218..e60cb6b9340 100644 --- a/2018/18xxx/CVE-2018-18456.json +++ b/2018/18xxx/CVE-2018-18456.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217", - "refsource" : "MISC", - "url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217" - }, - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217", + "refsource": "MISC", + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217" + }, + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19038.json b/2018/19xxx/CVE-2018-19038.json index 3dc656f1066..7b316c9bb80 100644 --- a/2018/19xxx/CVE-2018-19038.json +++ b/2018/19xxx/CVE-2018-19038.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19038", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19038", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19265.json b/2018/19xxx/CVE-2018-19265.json index 403b5e76847..6476535c0fa 100644 --- a/2018/19xxx/CVE-2018-19265.json +++ b/2018/19xxx/CVE-2018-19265.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19265", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19265", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19600.json b/2018/19xxx/CVE-2018-19600.json index c2f48110353..85955639529 100644 --- a/2018/19xxx/CVE-2018-19600.json +++ b/2018/19xxx/CVE-2018-19600.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-19600/blob/master/XSS.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-19600/blob/master/XSS.pdf" - }, - { - "name" : "https://github.com/rhymix/rhymix/issues/1088", - "refsource" : "CONFIRM", - "url" : "https://github.com/rhymix/rhymix/issues/1088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/security-breachlock/CVE-2018-19600/blob/master/XSS.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-19600/blob/master/XSS.pdf" + }, + { + "name": "https://github.com/rhymix/rhymix/issues/1088", + "refsource": "CONFIRM", + "url": "https://github.com/rhymix/rhymix/issues/1088" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1010.json b/2018/1xxx/CVE-2018-1010.json index b878fccbaff..c00ce34c96a 100644 --- a/2018/1xxx/CVE-2018-1010.json +++ b/2018/1xxx/CVE-2018-1010.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2018-1010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka \"Microsoft Graphics Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-1010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1010", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1010" - }, - { - "name" : "103594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103594" - }, - { - "name" : "1040656", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka \"Microsoft Graphics Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103594" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1010", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1010" + }, + { + "name": "1040656", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040656" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1027.json b/2018/1xxx/CVE-2018-1027.json index 6d87d0909d7..22d6b5d9cbe 100644 --- a/2018/1xxx/CVE-2018-1027.json +++ b/2018/1xxx/CVE-2018-1027.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-1027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Excel", - "version" : { - "version_data" : [ - { - "version_value" : "2007 Service Pack 3" - }, - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - } - ] - } - }, - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Compatibility Pack Service Pack 3" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-1027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2007 Service Pack 3" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Compatibility Pack Service Pack 3" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027" - }, - { - "name" : "103616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103616" - }, - { - "name" : "1040652", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040652", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040652" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027" + }, + { + "name": "103616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103616" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1366.json b/2018/1xxx/CVE-2018-1366.json index ac2115f43d3..632fe7e036d 100644 --- a/2018/1xxx/CVE-2018-1366.json +++ b/2018/1xxx/CVE-2018-1366.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-25T00:00:00", - "ID" : "CVE-2018-1366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Content Navigator", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "2.0.2.8" - }, - { - "version_value" : "3.0.2" - }, - { - "version_value" : "3.0.3" - }, - { - "version_value" : "2.0.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-25T00:00:00", + "ID": "CVE-2018-1366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Content Navigator", + "version": { + "version_data": [ + { + "version_value": "3.0.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "2.0.2.8" + }, + { + "version_value": "3.0.2" + }, + { + "version_value": "3.0.3" + }, + { + "version_value": "2.0.2.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137452", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137452" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012674", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137452", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137452" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012674", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012674" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1515.json b/2018/1xxx/CVE-2018-1515.json index 24dfea35b7a..71ab1c5193e 100644 --- a/2018/1xxx/CVE-2018-1515.json +++ b/2018/1xxx/CVE-2018-1515.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-05-22T00:00:00", - "ID" : "CVE-2018-1515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "H", - "AV" : "L", - "C" : "H", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "7.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-05-22T00:00:00", + "ID": "CVE-2018-1515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016140", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016140" - }, - { - "name" : "1040969", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040969" - }, - { - "name" : "ibm-db2-cve20181515-bo(141624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "H", + "AV": "L", + "C": "H", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "7.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040969", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040969" + }, + { + "name": "ibm-db2-cve20181515-bo(141624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141624" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22016140", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22016140" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5728.json b/2018/5xxx/CVE-2018-5728.json index 3a6e37e15e2..896f1bdc858 100644 --- a/2018/5xxx/CVE-2018-5728.json +++ b/2018/5xxx/CVE-2018-5728.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-donde-esta-mi-barco.html", - "refsource" : "MISC", - "url" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-donde-esta-mi-barco.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-donde-esta-mi-barco.html", + "refsource": "MISC", + "url": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-donde-esta-mi-barco.html" + } + ] + } +} \ No newline at end of file