From 70dbf97d0fedce8e8b4d1f5aa095496e98719866 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 06:19:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/1xxx/CVE-2004-1237.json | 130 +++++++------- 2004/1xxx/CVE-2004-1792.json | 170 +++++++++--------- 2008/0xxx/CVE-2008-0028.json | 180 +++++++++---------- 2008/0xxx/CVE-2008-0597.json | 280 ++++++++++++++--------------- 2008/0xxx/CVE-2008-0631.json | 140 +++++++-------- 2008/0xxx/CVE-2008-0860.json | 160 ++++++++--------- 2008/3xxx/CVE-2008-3060.json | 150 ++++++++-------- 2008/3xxx/CVE-2008-3080.json | 130 +++++++------- 2008/3xxx/CVE-2008-3681.json | 180 +++++++++---------- 2008/4xxx/CVE-2008-4000.json | 170 +++++++++--------- 2008/4xxx/CVE-2008-4340.json | 170 +++++++++--------- 2008/4xxx/CVE-2008-4512.json | 140 +++++++-------- 2008/7xxx/CVE-2008-7000.json | 130 +++++++------- 2013/2xxx/CVE-2013-2014.json | 170 +++++++++--------- 2013/2xxx/CVE-2013-2024.json | 34 ++-- 2013/2xxx/CVE-2013-2211.json | 170 +++++++++--------- 2013/2xxx/CVE-2013-2241.json | 170 +++++++++--------- 2013/2xxx/CVE-2013-2245.json | 130 +++++++------- 2013/6xxx/CVE-2013-6189.json | 150 ++++++++-------- 2013/6xxx/CVE-2013-6560.json | 34 ++-- 2013/6xxx/CVE-2013-6712.json | 220 +++++++++++------------ 2013/7xxx/CVE-2013-7454.json | 130 +++++++------- 2017/10xxx/CVE-2017-10311.json | 162 ++++++++--------- 2017/10xxx/CVE-2017-10707.json | 34 ++-- 2017/10xxx/CVE-2017-10791.json | 130 +++++++------- 2017/10xxx/CVE-2017-10799.json | 140 +++++++-------- 2017/14xxx/CVE-2017-14145.json | 120 ++++++------- 2017/14xxx/CVE-2017-14181.json | 130 +++++++------- 2017/14xxx/CVE-2017-14483.json | 120 ++++++------- 2017/14xxx/CVE-2017-14588.json | 142 +++++++-------- 2017/14xxx/CVE-2017-14830.json | 130 +++++++------- 2017/14xxx/CVE-2017-14897.json | 132 +++++++------- 2017/15xxx/CVE-2017-15491.json | 34 ++-- 2017/15xxx/CVE-2017-15912.json | 34 ++-- 2017/9xxx/CVE-2017-9407.json | 120 ++++++------- 2017/9xxx/CVE-2017-9576.json | 120 ++++++------- 2017/9xxx/CVE-2017-9677.json | 130 +++++++------- 
2017/9xxx/CVE-2017-9854.json | 140 +++++++-------- 2018/0xxx/CVE-2018-0218.json | 140 +++++++-------- 2018/0xxx/CVE-2018-0556.json | 130 +++++++------- 2018/0xxx/CVE-2018-0559.json | 130 +++++++------- 2018/1000xxx/CVE-2018-1000048.json | 124 ++++++------- 2018/1000xxx/CVE-2018-1000503.json | 136 +++++++------- 2018/1000xxx/CVE-2018-1000516.json | 126 ++++++------- 2018/15xxx/CVE-2018-15532.json | 63 ++++++- 2018/16xxx/CVE-2018-16094.json | 144 +++++++-------- 2018/16xxx/CVE-2018-16633.json | 120 ++++++------- 2018/16xxx/CVE-2018-16752.json | 130 +++++++------- 2018/19xxx/CVE-2018-19324.json | 120 ++++++------- 2018/19xxx/CVE-2018-19446.json | 34 ++-- 2018/19xxx/CVE-2018-19532.json | 130 +++++++------- 2018/19xxx/CVE-2018-19879.json | 34 ++-- 2018/4xxx/CVE-2018-4022.json | 120 ++++++------- 2018/4xxx/CVE-2018-4093.json | 180 +++++++++---------- 2018/4xxx/CVE-2018-4269.json | 34 ++-- 55 files changed, 3555 insertions(+), 3496 deletions(-) diff --git a/2004/1xxx/CVE-2004-1237.json b/2004/1xxx/CVE-2004-1237.json index 6f60bd2ab2a..bb4c82fb8c3 100644 --- a/2004/1xxx/CVE-2004-1237.json +++ b/2004/1xxx/CVE-2004-1237.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2005:043", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-043.html" - }, - { - "name" : "oval:org.mitre.oval:def:11282", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:043", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-043.html" + }, + { + "name": "oval:org.mitre.oval:def:11282", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11282" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1792.json b/2004/1xxx/CVE-2004-1792.json index 9bfa36857e9..8dad2ea8b49 100644 --- a/2004/1xxx/CVE-2004-1792.json +++ b/2004/1xxx/CVE-2004-1792.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040102 Switch Off Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/348693" - }, - { - "name" : "http://www.elitehaven.net/switchoff.txt", - "refsource" : "MISC", - "url" : "http://www.elitehaven.net/switchoff.txt" - }, - { - "name" : "9339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9339" - }, - { - "name" : "1008581", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008581" - }, - { - "name" : "10521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10521" - }, - { - "name" : "switch-off-swnet-dos(14123)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/14123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9339" + }, + { + "name": "switch-off-swnet-dos(14123)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14123" + }, + { + "name": "http://www.elitehaven.net/switchoff.txt", + "refsource": "MISC", + "url": "http://www.elitehaven.net/switchoff.txt" + }, + { + "name": "20040102 Switch Off Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/348693" + }, + { + "name": "1008581", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008581" + }, + { + "name": "10521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10521" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0028.json b/2008/0xxx/CVE-2008-0028.json index e4292381712..e9201868305 100644 --- a/2008/0xxx/CVE-2008-0028.json +++ b/2008/0xxx/CVE-2008-0028.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-0028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080123 Cisco PIX and ASA Time-to-Live Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml" - }, - { - "name" : "27418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27418" - }, - { - "name" : "ADV-2008-0259", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0259" - }, - { - "name" : "1019262", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019262" - }, - { - "name" : "1019263", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019263" - }, - { - "name" 
: "28625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28625" - }, - { - "name" : "pix-asa-ttl-dos(39862)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080123 Cisco PIX and ASA Time-to-Live Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml" + }, + { + "name": "27418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27418" + }, + { + "name": "1019263", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019263" + }, + { + "name": "1019262", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019262" + }, + { + "name": "ADV-2008-0259", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0259" + }, + { + "name": "28625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28625" + }, + { + "name": "pix-asa-ttl-dos(39862)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39862" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0597.json b/2008/0xxx/CVE-2008-0597.json index 5345fe8089b..be1ae1ac3fe 100644 --- a/2008/0xxx/CVE-2008-0597.json +++ b/2008/0xxx/CVE-2008-0597.json 
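Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, and the commit subject ("-Synchronized-Data.") does not record it. On the visible lines it is the only value that differs; everything else is key spacing, indentation, a reordering of `reference_data` entries and the loss of the trailing newline. Tooling that attributes or filters records by assigner will presumably see this record change owner, so the provenance change should be a separate commit or be named in the message, for example `Update ASSIGNER for CVE-2008-0028 and CVE-2008-0597`. The CVE-2008-0597 hunk makes the same kind of change, to `secalert@redhat.com`, under the same formatting churn.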
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080229 rPSA-2008-0091-1 cups", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488966/100/0/threaded" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0091", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0091" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2283", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2283" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm" - }, - { - "name" : "MDVSA-2008:050", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:050" - }, - { - "name" : "RHSA-2008:0153", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0153.html" - }, - { - "name" : "RHSA-2008:0161", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0161.html" - }, - { - "name" : "SUSE-SA:2008:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html" - }, - { - "name" : "27988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27988" - }, - { - "name" : "oval:org.mitre.oval:def:9492", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492" - }, - { - "name" : "1019497", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019497" - }, - { - "name" : "29087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29087" - }, - { - "name" : "29189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29189" - }, - { - "name" : "29251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29251" - }, - { - "name" : "cups-ippbrowse-useafterfree-dos(40845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP 
packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29251" + }, + { + "name": "29189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29189" + }, + { + "name": "SUSE-SA:2008:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html" + }, + { + "name": "RHSA-2008:0153", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0153.html" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0091", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0091" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091" + }, + { + "name": "oval:org.mitre.oval:def:9492", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492" + }, + { + "name": "MDVSA-2008:050", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:050" + }, + { + "name": "27988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27988" + }, + { + "name": "20080229 rPSA-2008-0091-1 cups", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488966/100/0/threaded" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm" + }, + { + "name": "29087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29087" + }, + { + "name": "cups-ippbrowse-useafterfree-dos(40845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40845" + }, + { + 
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm" + }, + { + "name": "RHSA-2008:0161", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0161.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2283", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2283" + }, + { + "name": "1019497", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019497" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0631.json b/2008/0xxx/CVE-2008-0631.json index d82f5aae1d2..f143e787d9e 100644 --- a/2008/0xxx/CVE-2008-0631.json +++ b/2008/0xxx/CVE-2008-0631.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4999", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4999" - }, - { - "name" : "27481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27481" - }, - { - "name" : "mailbee-mailbee-file-overwrite(40011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27481" + }, + { + "name": "mailbee-mailbee-file-overwrite(40011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40011" + }, + { + "name": "4999", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4999" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0860.json b/2008/0xxx/CVE-2008-0860.json index 552ad0b3085..e90b670c853 100644 --- a/2008/0xxx/CVE-2008-0860.json +++ b/2008/0xxx/CVE-2008-0860.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kerio.com/kms_history.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/kms_history.html" - }, - { - "name" : "27868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27868" - }, - { - "name" : "ADV-2008-0594", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0594" - }, - { - "name" : "1019428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019428" - }, - { - "name" : "29021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the AVG 
plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019428" + }, + { + "name": "ADV-2008-0594", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0594" + }, + { + "name": "29021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29021" + }, + { + "name": "27868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27868" + }, + { + "name": "http://www.kerio.com/kms_history.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/kms_history.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3060.json b/2008/3xxx/CVE-2008-3060.json index d9ae93ebd36..de6b2a1ebf4 100644 --- a/2008/3xxx/CVE-2008-3060.json +++ b/2008/3xxx/CVE-2008-3060.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/48/48-v-webmail.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/48/48-v-webmail.txt" - }, - { - "name" : "48793", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/48793" - }, - { - "name" : "48794", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/48794" - }, - { - "name" : "vwebmail-loginpage-path-disclosure(45853)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "V-webmail 1.5.0 allows remote attackers to obtain sensitive 
information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://osvdb.org/ref/48/48-v-webmail.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/48/48-v-webmail.txt" + }, + { + "name": "48794", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/48794" + }, + { + "name": "48793", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/48793" + }, + { + "name": "vwebmail-loginpage-path-disclosure(45853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45853" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3080.json b/2008/3xxx/CVE-2008-3080.json index 4b54d7e6a83..bcfb8a20ebf 100644 --- a/2008/3xxx/CVE-2008-3080.json +++ b/2008/3xxx/CVE-2008-3080.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5975", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5975" - }, - { - "name" : "http://www.netvigilance.com/advisory0040", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5975", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5975" + }, + { + "name": "http://www.netvigilance.com/advisory0040", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0040" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3681.json b/2008/3xxx/CVE-2008-3681.json index a6e1b579c4c..dcb98561fc2 100644 --- a/2008/3xxx/CVE-2008-3681.json +++ b/2008/3xxx/CVE-2008-3681.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the \"first enabled user (lowest id)\" password, typically for the administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6234", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6234" - }, - { - "name" : "http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html" - }, - { - "name" : "30667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30667" - }, - { - "name" : "1020687", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020687" - }, - { - "name" : "31457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31457" - }, - { - "name" : "4157", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4157" - }, - { - "name" : "joomla-reset-security-bypass(44430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the \"first enabled user (lowest id)\" password, typically for the administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html" + }, + { + "name": "4157", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4157" + }, + { + "name": "1020687", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020687" + }, + { + "name": "31457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31457" + }, + { + "name": "joomla-reset-security-bypass(44430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44430" + }, + { + "name": "30667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30667" + }, + { + "name": "6234", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6234" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4000.json b/2008/4xxx/CVE-2008-4000.json index 12f2f44ccac..e7eb8ca72ea 100644 --- a/2008/4xxx/CVE-2008-4000.json +++ b/2008/4xxx/CVE-2008-4000.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-4000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081019 CVE-2008-4000: Oracle PeopleTools ? 
Authentication Weakness", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497543/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" - }, - { - "name" : "ADV-2008-2825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2825" - }, - { - "name" : "1021055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021055" - }, - { - "name" : "32291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32291" - }, - { - "name" : "oracle-peoplesoft-peopletools-unauth-access(45902)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" + }, + { + "name": "oracle-peoplesoft-peopletools-unauth-access(45902)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45902" + }, + { + "name": "32291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32291" + }, + { + "name": "1021055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021055" + }, + { + "name": "ADV-2008-2825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2825" + }, + { + "name": "20081019 CVE-2008-4000: Oracle PeopleTools ? Authentication Weakness", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497543/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4340.json b/2008/4xxx/CVE-2008-4340.json index fbea3fcb574..6ec47e45fa4 100644 --- a/2008/4xxx/CVE-2008-4340.json +++ b/2008/4xxx/CVE-2008-4340.json 
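Review bot: The new side of this hunk sets `"ASSIGNER": "secalert_us@oracle.com"` where the old side had `cve@mitre.org`, and that is the only semantic change here; every other line differs only in the spacing before the colon or in the order of the `reference_data` entries. The hunks for CVE-2013-2014, CVE-2013-2211, CVE-2013-2241 and CVE-2013-2245 make the same kind of change, to `secalert@redhat.com`. Anyone who attributes or filters records by assigner gets a provenance change that the commit subject does not mention and that is hard to spot in the re-serialisation noise. I would land the formatting pass separately from the assigner updates, or at least list the affected IDs in the commit message. Whether the sync tooling checks the new address against the list of recognised CNAs cannot be seen from this diff and is worth confirming.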
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return (\"\\r\\n\\r\\n\") argument to the window.open function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080924 Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496688/100/0/threaded" - }, - { - "name" : "6554", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6554" - }, - { - "name" : "http://secniche.org/gcrds.html", - "refsource" : "MISC", - "url" : "http://secniche.org/gcrds.html" - }, - { - "name" : "31375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31375" - }, - { - "name" : "4339", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4339" - }, - { - "name" : "google-chrome-carriagereturn-dos(45403)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return (\"\\r\\n\\r\\n\") argument to the window.open function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4339", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4339" + }, + { + "name": "6554", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6554" + }, + { + "name": "google-chrome-carriagereturn-dos(45403)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45403" + }, + { + "name": "http://secniche.org/gcrds.html", + "refsource": "MISC", + "url": "http://secniche.org/gcrds.html" + }, + { + "name": "31375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31375" + }, + { + "name": "20080924 Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496688/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4512.json b/2008/4xxx/CVE-2008-4512.json index 9cea9849ee1..8cb04f46307 100644 --- a/2008/4xxx/CVE-2008-4512.json +++ b/2008/4xxx/CVE-2008-4512.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080927 shoutbox Remote Password Disclouse Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496789/100/0/threaded" - }, - { - "name" : "4395", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4395" - }, - { - "name" : "shoutbox-shoutdb-information-disclosure(45837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, 
which allows remote attackers to obtain sensitive information via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080927 shoutbox Remote Password Disclouse Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496789/100/0/threaded" + }, + { + "name": "shoutbox-shoutdb-information-disclosure(45837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45837" + }, + { + "name": "4395", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4395" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7000.json b/2008/7xxx/CVE-2008-7000.json index bfe9ee1c0c8..32b620ba40e 100644 --- a/2008/7xxx/CVE-2008-7000.json +++ b/2008/7xxx/CVE-2008-7000.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0809-exploits/phpauction32-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0809-exploits/phpauction32-rfi.txt" - }, - { - "name" : "phpauction-lan-file-include(44938)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstorm.linuxsecurity.com/0809-exploits/phpauction32-rfi.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0809-exploits/phpauction32-rfi.txt" + }, + { + "name": "phpauction-lan-file-include(44938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44938" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2014.json b/2013/2xxx/CVE-2013-2014.json index 49a297ea40e..31b47f277a6 100644 --- a/2013/2xxx/CVE-2013-2014.json +++ b/2013/2xxx/CVE-2013-2014.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/keystone/+bug/1098177", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/1098177" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/1099025", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/1099025" - }, - { - "name" : "FEDORA-2013-10467", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html" - }, - { - "name" : "59936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59936" - }, - { - "name" : "53397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53397" - }, - { - "name" : "openstack-keystone-cve20132014-http-dos(84347)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/84347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openstack-keystone-cve20132014-http-dos(84347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84347" + }, + { + "name": "FEDORA-2013-10467", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/1098177", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/keystone/+bug/1098177" + }, + { + "name": "53397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53397" + }, + { + "name": "59936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59936" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/1099025", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/keystone/+bug/1099025" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2024.json b/2013/2xxx/CVE-2013-2024.json index e33c4d12369..b6280e8f7f5 100644 --- a/2013/2xxx/CVE-2013-2024.json +++ b/2013/2xxx/CVE-2013-2024.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2024", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2024", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2211.json b/2013/2xxx/CVE-2013-2211.json index e9662752b23..818264821f6 100644 --- a/2013/2xxx/CVE-2013-2211.json +++ b/2013/2xxx/CVE-2013-2211.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130625 Re: Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/25/1" - }, - { - "name" : "[oss-security] 20130626 Xen Security Advisory 57 (CVE-2013-2211) - libxl allows guest write access to sensitive console related xenstore keys", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/26/4" - }, - { - "name" : "DSA-3006", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3006" - }, - { - "name" : "GLSA-201309-24", - "refsource" : 
"GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "[oss-security] 20130626 Xen Security Advisory 57 (CVE-2013-2211) - libxl allows guest write access to sensitive console related xenstore keys", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/26/4" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "[oss-security] 20130625 Re: Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/25/1" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "DSA-3006", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3006" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/2xxx/CVE-2013-2241.json b/2013/2xxx/CVE-2013-2241.json index 3c0a603befd..8bbf2b01a23 100644 --- a/2013/2xxx/CVE-2013-2241.json +++ b/2013/2xxx/CVE-2013-2241.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the \"full\" string in the size parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130704 Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/04/11" - }, - { - "name" : "[oss-security] 20130705 Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/05/3" - }, - { - "name" : "http://galleryproject.org/gallery_3_0_9", - "refsource" : "MISC", - "url" : "http://galleryproject.org/gallery_3_0_9" - }, - { - "name" : "http://sourceforge.net/apps/trac/gallery/ticket/2074", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/apps/trac/gallery/ticket/2074" - }, - { 
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=981198", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=981198" - }, - { - "name" : "https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed", - "refsource" : "CONFIRM", - "url" : "https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the \"full\" string in the size parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed", + "refsource": "CONFIRM", + "url": "https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed" + }, + { + "name": "[oss-security] 20130704 Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/04/11" + }, + { + "name": "http://galleryproject.org/gallery_3_0_9", + "refsource": "MISC", + "url": "http://galleryproject.org/gallery_3_0_9" + }, + { + "name": "[oss-security] 20130705 Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/05/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=981198", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981198" + }, + { + "name": "http://sourceforge.net/apps/trac/gallery/ticket/2074", + "refsource": "CONFIRM", + "url": 
"http://sourceforge.net/apps/trac/gallery/ticket/2074" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2245.json b/2013/2xxx/CVE-2013-2245.json index 5818bb4db92..fe857e30e8d 100644 --- a/2013/2xxx/CVE-2013-2245.json +++ b/2013/2xxx/CVE-2013-2245.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=232502", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=232502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 
and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=232502", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=232502" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6189.json b/2013/6xxx/CVE-2013-6189.json index 1d881d01b2e..3618af5d023 100644 --- a/2013/6xxx/CVE-2013-6189.json +++ b/2013/6xxx/CVE-2013-6189.json 
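Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only change of substance among lines that otherwise differ in spacing and indentation. The CVE-2013-6189 hunk does the same with `hp-security-alert@hp.com`. The commit subject says only that data was synchronized, so a consumer that filters or attributes records by assigner sees a new value with nothing in the history to explain it. I would put the reassignment in its own commit, or at least name it in the message, for example `Update ASSIGNER for CVE-2013-2245 and CVE-2013-6189`.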
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-6189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02949", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04041078" - }, - { - "name" : "SSRT101211", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04041078" - }, - { - "name" : "1029542", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029542" - }, - { - "name" : "56263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029542", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029542" + }, + { + "name": "SSRT101211", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04041078" + }, + { + "name": "HPSBGN02949", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04041078" + }, + { + "name": "56263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56263" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6560.json b/2013/6xxx/CVE-2013-6560.json index b6c65927996..00b1436254a 100644 --- a/2013/6xxx/CVE-2013-6560.json +++ b/2013/6xxx/CVE-2013-6560.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6560", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6560", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6712.json b/2013/6xxx/CVE-2013-6712.json index db68b2ef924..57644999bdc 100644 --- a/2013/6xxx/CVE-2013-6712.json +++ b/2013/6xxx/CVE-2013-6712.json 
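Review bot: The new side of CVE-2013-6560 orders its top-level keys `data_type`, `data_format`, `data_version`, `CVE_data_meta`, `description` and puts `ID` before `ASSIGNER`, while the other records rewritten in this commit keep alphabetical order, including CVE-2017-10707, which is also a state-only record. Key order carries no meaning in JSON, but two orderings in one sync suggest two different serializers, and they make later diffs and byte-level comparison of records noisy. I would emit this record in the same sorted order as the rest, opening with `"CVE_data_meta": {` and `"ASSIGNER": "cve@mitre.org",` as its first member.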
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=66060", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=66060" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : 
"DSA-2816", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2816" - }, - { - "name" : "HPSBMU03112", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" - }, - { - "name" : "SSRT101447", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - }, - { - "name" : "openSUSE-SU-2013:1963", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" - }, - { - "name" : "openSUSE-SU-2013:1964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" - }, - { - "name" : "USN-2055-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2055-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2816", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2816" + }, + { + "name": "HPSBMU03112", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" + }, + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "openSUSE-SU-2013:1964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "openSUSE-SU-2013:1963", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "SSRT101447", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" + }, + { + "name": "USN-2055-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2055-1" + }, + { + "name": "https://bugs.php.net/bug.php?id=66060", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=66060" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7454.json b/2013/7xxx/CVE-2013-7454.json index 05ef65da45a..7fa2ddb69df 100644 --- a/2013/7xxx/CVE-2013-7454.json +++ b/2013/7xxx/CVE-2013-7454.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160420 various vulnerabilities in Node.js packages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/20/11" - }, - { - "name" : "https://nodesecurity.io/advisories/41", - "refsource" : "CONFIRM", - "url" : "https://nodesecurity.io/advisories/41" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/41", + "refsource": "CONFIRM", + "url": "https://nodesecurity.io/advisories/41" + }, + { + "name": "[oss-security] 20160420 various vulnerabilities in Node.js packages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/20/11" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10311.json b/2017/10xxx/CVE-2017-10311.json index f801cb9eb74..58ffde6c6aa 100644 --- a/2017/10xxx/CVE-2017-10311.json +++ b/2017/10xxx/CVE-2017-10311.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.19 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.19 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0002/" - }, - { - "name" : "RHSA-2017:3442", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3442" - }, - { - "name" : "101446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101446" - }, - { - "name" : "1039597", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0002/" + }, + { + "name": "1039597", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039597" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2017:3442", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3442" + }, + { + "name": "101446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101446" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10707.json b/2017/10xxx/CVE-2017-10707.json index 566efc6dc84..457c5aca3fb 100644 --- a/2017/10xxx/CVE-2017-10707.json +++ b/2017/10xxx/CVE-2017-10707.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10707", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10707", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10791.json b/2017/10xxx/CVE-2017-10791.json index 6b81c51fc3f..f4a75daf804 100644 --- a/2017/10xxx/CVE-2017-10791.json +++ b/2017/10xxx/CVE-2017-10791.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[pspp-announce] 20170812 pspp-0.11.0 released [stable]", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1467004", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1467004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. 
For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1467004", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1467004" + }, + { + "name": "[pspp-announce] 20170812 pspp-0.11.0 released [stable]", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10799.json b/2017/10xxx/CVE-2017-10799.json index 550a3e75de5..6947a552959 100644 --- a/2017/10xxx/CVE-2017-10799.json +++ b/2017/10xxx/CVE-2017-10799.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "99358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage()." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "99358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99358" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14145.json b/2017/14xxx/CVE-2017-14145.json index 597388631de..6b0dbe01041 100644 --- a/2017/14xxx/CVE-2017-14145.json +++ b/2017/14xxx/CVE-2017-14145.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HelpDEZk 1.1.1 has SQL Injection in app\\modules\\admin\\controllers\\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/M4ple/vulnerability/blob/master/helpdezk_sql/helpdezk_sql_injection.md", - "refsource" : "MISC", - "url" : "https://github.com/M4ple/vulnerability/blob/master/helpdezk_sql/helpdezk_sql_injection.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HelpDEZk 1.1.1 has SQL Injection in app\\modules\\admin\\controllers\\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/M4ple/vulnerability/blob/master/helpdezk_sql/helpdezk_sql_injection.md", + "refsource": "MISC", + "url": "https://github.com/M4ple/vulnerability/blob/master/helpdezk_sql/helpdezk_sql_injection.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14181.json b/2017/14xxx/CVE-2017-14181.json index f9c50ee1125..8241f05c1d7 100644 --- a/2017/14xxx/CVE-2017-14181.json +++ b/2017/14xxx/CVE-2017-14181.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/09/07/aacplusenc-null-pointer-dereference-in-deletebitbuffer-bitbuffer-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/07/aacplusenc-null-pointer-dereference-in-deletebitbuffer-bitbuffer-c/" - }, - { - "name" : "https://github.com/teknoraver/aacplusenc/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/teknoraver/aacplusenc/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DeleteBitBuffer in 
libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/09/07/aacplusenc-null-pointer-dereference-in-deletebitbuffer-bitbuffer-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/07/aacplusenc-null-pointer-dereference-in-deletebitbuffer-bitbuffer-c/" + }, + { + "name": "https://github.com/teknoraver/aacplusenc/issues/1", + "refsource": "MISC", + "url": "https://github.com/teknoraver/aacplusenc/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14483.json b/2017/14xxx/CVE-2017-14483.json index 94f4cf75608..59131a2bbe7 100644 --- a/2017/14xxx/CVE-2017-14483.json +++ b/2017/14xxx/CVE-2017-14483.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.gentoo.org/631020", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/631020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" 
command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.gentoo.org/631020", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/631020" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14588.json b/2017/14xxx/CVE-2017-14588.json index c8a0ca0d2ff..bd0550d84f9 100644 --- a/2017/14xxx/CVE-2017-14588.json +++ b/2017/14xxx/CVE-2017-14588.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-14588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlassian FishEye and Crucible", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.4.2" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Various resources in Atlassian FishEye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-14588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlassian FishEye and Crucible", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.4.2" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8113", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/CRUC-8113" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-6935", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/FE-6935" - }, - { - "name" : "101268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Various resources in Atlassian FishEye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101268" + }, + { + "name": "https://jira.atlassian.com/browse/FE-6935", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/FE-6935" + }, + { + "name": "https://jira.atlassian.com/browse/CRUC-8113", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/CRUC-8113" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14830.json b/2017/14xxx/CVE-2017-14830.json index b7aa50805d9..0df814debe4 100644 --- a/2017/14xxx/CVE-2017-14830.json +++ b/2017/14xxx/CVE-2017-14830.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setFocus method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5022." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-874", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-874" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setFocus method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5022." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-874", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-874" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14897.json b/2017/14xxx/CVE-2017-14897.json index f919ef59129..f60db075c39 100644 --- a/2017/14xxx/CVE-2017-14897.json +++ b/2017/14xxx/CVE-2017-14897.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-14897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper access while checking rpmb provision status" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-14897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "102073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access while checking rpmb provision status" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + }, + { + "name": "102073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102073" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15491.json b/2017/15xxx/CVE-2017-15491.json index 9f9d59b1ad2..32879dc0b9c 100644 --- a/2017/15xxx/CVE-2017-15491.json +++ b/2017/15xxx/CVE-2017-15491.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15491", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15491", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15912.json b/2017/15xxx/CVE-2017-15912.json index 24423b42bb6..119fc0216ef 100644 --- a/2017/15xxx/CVE-2017-15912.json +++ b/2017/15xxx/CVE-2017-15912.json 
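Review bot: The new side of CVE-2017-15491.json uses a different key order from the other records in this patch: `data_type`, `data_format` and `data_version` come first, and `ID` precedes `ASSIGNER` inside `CVE_data_meta`. CVE-2017-15912.json in the next hunk keeps the sorted order. JSON object order carries no meaning, so the record is equivalent, but the difference suggests this file went through a different serializer path. Anything that hashes or diffs the raw file bytes will see changes that are not real. Emitting keys in sorted order for every record would keep the sync reproducible, and consumers that check integrity should canonicalize before comparing.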
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15912", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15912", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9407.json b/2017/9xxx/CVE-2017-9407.json index 0f4cc59f96b..bd8be54e546 100644 --- a/2017/9xxx/CVE-2017-9407.json +++ b/2017/9xxx/CVE-2017-9407.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/459", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/459", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/459" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9576.json b/2017/9xxx/CVE-2017-9576.json index 9e3cb74a51b..d6a6a441116 100644 --- a/2017/9xxx/CVE-2017-9576.json +++ b/2017/9xxx/CVE-2017-9576.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Middleton Community Bank Mobile Banking\" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Middleton Community Bank Mobile Banking\" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS 
does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9677.json b/2017/9xxx/CVE-2017-9677.json index 53b9429084d..e20699ef6c1 100644 --- a/2017/9xxx/CVE-2017-9677.json +++ b/2017/9xxx/CVE-2017-9677.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-9677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable \"ddp->params_length\" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If \"ddp->params_length\" is set to a big number, a buffer overflow will occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-9677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from 
CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable \"ddp->params_length\" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If \"ddp->params_length\" is set to a big number, a buffer overflow will occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100658" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9854.json b/2017/9xxx/CVE-2017-9854.json index 8f17dd30d71..d031df7d9c0 100644 --- a/2017/9xxx/CVE-2017-9854.json +++ b/2017/9xxx/CVE-2017-9854.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://horusscenario.com/CVE-information/", - "refsource" : "MISC", - "url" : "https://horusscenario.com/CVE-information/" - }, - { - "name" : "http://www.sma.de/en/statement-on-cyber-security.html", - "refsource" : "MISC", - "url" : "http://www.sma.de/en/statement-on-cyber-security.html" - }, - { - "name" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", - "refsource" : "MISC", - "url" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sma.de/en/statement-on-cyber-security.html", + "refsource": "MISC", + "url": "http://www.sma.de/en/statement-on-cyber-security.html" + }, + { + "name": "https://horusscenario.com/CVE-information/", + "refsource": "MISC", + "url": "https://horusscenario.com/CVE-information/" + }, + { + "name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", + "refsource": "MISC", + "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0218.json b/2018/0xxx/CVE-2018-0218.json index 480ac4b6b2b..3a7a17038fc 100644 --- a/2018/0xxx/CVE-2018-0218.json +++ b/2018/0xxx/CVE-2018-0218.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Secure Access Control Server", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Secure Access Control Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Secure Access Control Server", + "version": { + "version_data": [ + { + "version_value": "Cisco Secure Access Control Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1" - }, - { - "name" : "103345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103345" - }, - { - "name" : "1040470", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1" + }, + { + "name": "103345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103345" + }, + { + "name": "1040470", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040470" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0556.json b/2018/0xxx/CVE-2018-0556.json index d5e65445278..821cec41239 100644 --- a/2018/0xxx/CVE-2018-0556.json +++ b/2018/0xxx/CVE-2018-0556.json 
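Review bot: The `affects` block of CVE-2018-0218 is carried over with `"vendor_name": "n/a"` and a `version_value` that only repeats the product name, although the description in the same record names the vendor and the fixed release ("prior to 5.8 patch 9"). Tooling that matches an inventory against `vendor_name` and `version_value` will not associate this record with affected installations. The record would be more useful with `"vendor_name": "Cisco"` and `"version_value": "prior to 5.8 patch 9"`. The `problemtype` value `CWE-200` also describes the impact rather than the XXE root cause given in the description, which may be worth confirming with the assigner.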
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WZR-1750DHP2", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.2.30 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "BUFFALO INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WZR-1750DHP2", + "version": { + "version_data": [ + { + "version_value": "Ver.2.30 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "BUFFALO INC." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://buffalo.jp/support_s/s20180328.html", - "refsource" : "CONFIRM", - "url" : "http://buffalo.jp/support_s/s20180328.html" - }, - { - "name" : "JVN#93397125", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN93397125/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#93397125", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN93397125/index.html" + }, + { + "name": "http://buffalo.jp/support_s/s20180328.html", + "refsource": "CONFIRM", + "url": "http://buffalo.jp/support_s/s20180328.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0559.json b/2018/0xxx/CVE-2018-0559.json index c7af6fbb385..91cd7d8fbfd 100644 --- a/2018/0xxx/CVE-2018-0559.json +++ b/2018/0xxx/CVE-2018-0559.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Mailwise", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0 to 5.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Mailwise", + "version": { + "version_data": [ + { + "version_value": "5.0.0 to 5.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/10196", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/10196" - }, - { - "name" : "JVN#52319657", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN52319657/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#52319657", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN52319657/index.html" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/10196", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/10196" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000048.json b/2018/1000xxx/CVE-2018-1000048.json index 42bac56fd35..f78ea9d1b0e 100644 --- a/2018/1000xxx/CVE-2018-1000048.json +++ b/2018/1000xxx/CVE-2018-1000048.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/2/2018 13:42:10", - "ID" : "CVE-2018-1000048", - "REQUESTER" : "nitin.arya@owasp.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RtRetrievalFramework", - "version" : { - "version_data" : [ - { - "version_value" : "v1.0" - } - ] - } - } - ] - }, - "vendor_name" : "NASA " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-502" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/2/2018 13:42:10", + "ID": "CVE-2018-1000048", + "REQUESTER": "nitin.arya@owasp.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nasa/RtRetrievalFramework/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/nasa/RtRetrievalFramework/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval 
framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nasa/RtRetrievalFramework/issues/1", + "refsource": "MISC", + "url": "https://github.com/nasa/RtRetrievalFramework/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000503.json b/2018/1000xxx/CVE-2018-1000503.json index 186d17164a1..012787f1d5b 100644 --- a/2018/1000xxx/CVE-2018-1000503.json +++ b/2018/1000xxx/CVE-2018-1000503.json 
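Review bot: The new side of this hunk replaces the structured `product_name` "RtRetrievalFramework", `version_value` "v1.0", `vendor_name` "NASA " and the `problemtype` value "CWE-502" with "n/a", so the product and weakness class now survive only in the free-text description. Any consumer that matches records on `affects` or `problemtype` (inventory correlation, CWE-based triage) would presumably stop finding this entry; I would keep the original values, e.g. `"product_name": "RtRetrievalFramework"` and `"value": "CWE-502"`. The same substitution appears in the CVE-2018-1000503 hunk (MyBB, "Incorrect Access Control") and the CVE-2018-1000516 hunk (Galaxy, "CWE-79: Improper Neutralization of Input During Web Page Generation"). In all three the `ASSIGNER` is also rewritten to `cve@mitre.org`, which drops the record of the original assigner address.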
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.003968", - "DATE_REQUESTED" : "2018-04-07T06:38:39", - "ID" : "CVE-2018-1000503", - "REQUESTER" : "riley@mailo.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MyBB", - "version" : { - "version_data" : [ - { - "version_value" : "1.9.14, probably earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "MyBB Group" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.003968", + "DATE_REQUESTED": "2018-04-07T06:38:39", + "ID": "CVE-2018-1000503", + "REQUESTER": "riley@mailo.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", - "refsource" : "MISC", - "url" : "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html" - }, - { - "name" : "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", - "refsource" : "MISC", - "url" : "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html", + "refsource": "MISC", + "url": "http://www.batterystapl.es/2018/03/local-file-inclusion-and-reading.html" + }, + { + "name": "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/", + "refsource": "MISC", + "url": "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000516.json b/2018/1000xxx/CVE-2018-1000516.json index 379b6a2ca27..d655f23bd89 100644 --- a/2018/1000xxx/CVE-2018-1000516.json +++ b/2018/1000xxx/CVE-2018-1000516.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.019017", - "DATE_REQUESTED" : "2018-05-15T09:11:57", - "ID" : "CVE-2018-1000516", - "REQUESTER" : "mateusz.stahl@codeblanc.it", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Galaxy", - "version" : { - "version_data" : [ - { - "version_value" : " v14.10" - } - ] - } - } - ] - }, - "vendor_name" : "The Galaxy Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary Javascript. that can result in Arbitrary JavaScript code execution. This attack appear to be exploitable via The victim must interact with component on page witch contains injected JavaScript code.. This vulnerability appears to have been fixed in v14.10.1, v15.01." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.019017", + "DATE_REQUESTED": "2018-05-15T09:11:57", + "ID": "CVE-2018-1000516", + "REQUESTER": "mateusz.stahl@codeblanc.it", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://galaxyproject.org/archive/dev-news-briefs/2015-01-13/#security", - "refsource" : "MISC", - "url" : "https://galaxyproject.org/archive/dev-news-briefs/2015-01-13/#security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary Javascript. that can result in Arbitrary JavaScript code execution. This attack appear to be exploitable via The victim must interact with component on page witch contains injected JavaScript code.. This vulnerability appears to have been fixed in v14.10.1, v15.01." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://galaxyproject.org/archive/dev-news-briefs/2015-01-13/#security", + "refsource": "MISC", + "url": "https://galaxyproject.org/archive/dev-news-briefs/2015-01-13/#security" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15532.json b/2018/15xxx/CVE-2018-15532.json index 85f6d26ca69..e69d1d72114 100644 --- a/2018/15xxx/CVE-2018-15532.json +++ b/2018/15xxx/CVE-2018-15532.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15532", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/106799", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/106799" + }, + { + "url": "https://support.lenovo.com/us/en/product_security/LEN-23156", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/LEN-23156" + }, + { + "url": "https://www.synaptics.com/products/touchpad-family", + "refsource": "MISC", + "name": "https://www.synaptics.com/products/touchpad-family" + }, + { + "refsource": "CONFIRM", + "name": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf", + "url": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf" } ] } diff --git a/2018/16xxx/CVE-2018-16094.json b/2018/16xxx/CVE-2018-16094.json index f9436c6b428..43f48de21d9 100644 --- a/2018/16xxx/CVE-2018-16094.json +++ b/2018/16xxx/CVE-2018-16094.json 
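Review bot: The SecurityFocus reference added in this hunk is tagged `"refsource": "MISC"` with the URL repeated as `name`, whereas the CVE-2018-0218 record in this same commit tags that site as `"refsource": "BID"` with the numeric id as `name` ("103345"). Tooling that groups or deduplicates references by `refsource` would likely not treat this entry as a BID; I would write `"name": "106799", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106799"`. The four added entries also mix key order (`url` first in three, `refsource` first in the last), which parsers ignore but which makes later syncs of this file noisier to diff.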
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2018-16094", - "STATE" : "PUBLIC", - "TITLE" : "System Management Module Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ThinkSystem SMM", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "1.06" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2018-16094", + "STATE": "PUBLIC", + "TITLE": "System Management Module Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ThinkSystem SMM", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "1.06" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-24374", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-24374" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Update SMM firmware" - } - ], - "source" : { - "advisory" : "LEN-24374", - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In System Management Module (SMM) versions prior to 1.06, an internal SMM function that 
retrieves configuration settings is prone to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-24374", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-24374" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update SMM firmware" + } + ], + "source": { + "advisory": "LEN-24374", + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16633.json b/2018/16xxx/CVE-2018-16633.json index b13243cea7d..82f3fc245ee 100644 --- a/2018/16xxx/CVE-2018-16633.json +++ b/2018/16xxx/CVE-2018-16633.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-16633/blob/master/PLUCK_XSS.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-16633/blob/master/PLUCK_XSS.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/security-breachlock/CVE-2018-16633/blob/master/PLUCK_XSS.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-16633/blob/master/PLUCK_XSS.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16752.json b/2018/16xxx/CVE-2018-16752.json index f61ffa18ae1..8e0468f2cb3 100644 --- a/2018/16xxx/CVE-2018-16752.json +++ b/2018/16xxx/CVE-2018-16752.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45351", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45351/" - }, - { - "name" : "http://packetstormsecurity.com/files/149297/LW-N605R-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149297/LW-N605R-Remote-Code-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. 
Authentication is needed but the default password of admin for the admin account may be used in some cases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149297/LW-N605R-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149297/LW-N605R-Remote-Code-Execution.html" + }, + { + "name": "45351", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45351/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19324.json b/2018/19xxx/CVE-2018-19324.json index 8fccc2067c1..ba235ea3c12 100644 --- a/2018/19xxx/CVE-2018-19324.json +++ b/2018/19xxx/CVE-2018-19324.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/laolisafe/Kimsq/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/laolisafe/Kimsq/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/laolisafe/Kimsq/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/laolisafe/Kimsq/blob/master/README.md" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/19xxx/CVE-2018-19446.json b/2018/19xxx/CVE-2018-19446.json index 5079fae0e90..98901e96fff 100644 --- a/2018/19xxx/CVE-2018-19446.json +++ b/2018/19xxx/CVE-2018-19446.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19446", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19446", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19532.json b/2018/19xxx/CVE-2018-19532.json index dbb272d3372..a5e765837ee 100644 --- a/2018/19xxx/CVE-2018-19532.json +++ b/2018/19xxx/CVE-2018-19532.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6/", - "refsource" : "MISC", - "url" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6/" - }, - { - "name" : "https://sourceforge.net/p/podofo/tickets/32/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/podofo/tickets/32/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in 
pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/podofo/tickets/32/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/podofo/tickets/32/" + }, + { + "name": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6/", + "refsource": "MISC", + "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19879.json b/2018/19xxx/CVE-2018-19879.json index 33f88ec1056..afb96c3b28f 100644 --- a/2018/19xxx/CVE-2018-19879.json +++ b/2018/19xxx/CVE-2018-19879.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19879", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19879", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4022.json b/2018/4xxx/CVE-2018-4022.json index a2f70760258..54c8ccd4fb0 100644 --- a/2018/4xxx/CVE-2018-4022.json +++ b/2018/4xxx/CVE-2018-4022.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "talos-cna@cisco.com",
- "ID" : "CVE-2018-4022",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "MKVToolNix",
- "version" : {
- "version_data" : [
- {
- "version_value" : "MKVToolNix mkvinfo v25.0.0 ('Prog Noir') 64-bit"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "use-after-free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "talos-cna@cisco.com",
+ "ID": "CVE-2018-4022",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MKVToolNix",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "MKVToolNix mkvinfo v25.0.0 ('Prog Noir') 64-bit"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694",
- "refsource" : "MISC",
- "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "use-after-free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694",
+ "refsource": "MISC",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4093.json b/2018/4xxx/CVE-2018-4093.json
index 627c52b7000..15f29423e20 100644
--- a/2018/4xxx/CVE-2018-4093.json
+++ b/2018/4xxx/CVE-2018-4093.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2018-4093",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2018-4093",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT208462",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208462"
- },
- {
- "name" : "https://support.apple.com/HT208463",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208463"
- },
- {
- "name" : "https://support.apple.com/HT208464",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208464"
- },
- {
- "name" : "https://support.apple.com/HT208465",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208465"
- },
- {
- "name" : "102782",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102782"
- },
- {
- "name" : "1040265",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040265"
- },
- {
- "name" : "1040267",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040267"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT208462",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208462"
+ },
+ {
+ "name": "https://support.apple.com/HT208465",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208465"
+ },
+ {
+ "name": "1040265",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040265"
+ },
+ {
+ "name": "102782",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102782"
+ },
+ {
+ "name": "https://support.apple.com/HT208464",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208464"
+ },
+ {
+ "name": "1040267",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040267"
+ },
+ {
+ "name": "https://support.apple.com/HT208463",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208463"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4269.json b/2018/4xxx/CVE-2018-4269.json
index d00f4e8d4a7..76cd36628b3 100644
--- a/2018/4xxx/CVE-2018-4269.json
+++ b/2018/4xxx/CVE-2018-4269.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4269",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4269",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file