From 770e2025b437d0090ccf6b804995ca149c9ca815 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:37:14 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/1xxx/CVE-2004-1272.json | 130 +++--- 2004/1xxx/CVE-2004-1452.json | 150 +++---- 2008/0xxx/CVE-2008-0013.json | 180 ++++---- 2008/0xxx/CVE-2008-0535.json | 220 +++++----- 2008/0xxx/CVE-2008-0990.json | 200 ++++----- 2008/3xxx/CVE-2008-3268.json | 150 +++---- 2008/3xxx/CVE-2008-3490.json | 160 ++++---- 2008/3xxx/CVE-2008-3754.json | 130 +++--- 2008/3xxx/CVE-2008-3999.json | 170 ++++---- 2008/4xxx/CVE-2008-4019.json | 220 +++++----- 2008/4xxx/CVE-2008-4070.json | 360 ++++++++-------- 2008/4xxx/CVE-2008-4180.json | 140 +++---- 2008/4xxx/CVE-2008-4775.json | 210 +++++----- 2008/4xxx/CVE-2008-4891.json | 160 ++++---- 2008/7xxx/CVE-2008-7218.json | 300 +++++++------- 2008/7xxx/CVE-2008-7231.json | 150 +++---- 2013/2xxx/CVE-2013-2086.json | 120 +++--- 2013/2xxx/CVE-2013-2137.json | 170 ++++---- 2013/2xxx/CVE-2013-2471.json | 430 +++++++++---------- 2013/2xxx/CVE-2013-2554.json | 130 +++--- 2013/3xxx/CVE-2013-3327.json | 180 ++++---- 2013/6xxx/CVE-2013-6300.json | 130 +++--- 2013/6xxx/CVE-2013-6386.json | 160 ++++---- 2013/6xxx/CVE-2013-6752.json | 34 +- 2013/6xxx/CVE-2013-6821.json | 140 +++---- 2013/6xxx/CVE-2013-6854.json | 34 +- 2013/7xxx/CVE-2013-7316.json | 150 +++---- 2013/7xxx/CVE-2013-7446.json | 640 ++++++++++++++--------------- 2017/10xxx/CVE-2017-10305.json | 34 +- 2017/10xxx/CVE-2017-10331.json | 182 ++++---- 2017/10xxx/CVE-2017-10566.json | 34 +- 2017/10xxx/CVE-2017-10765.json | 120 +++--- 2017/10xxx/CVE-2017-10804.json | 140 +++---- 2017/14xxx/CVE-2017-14059.json | 140 +++---- 2017/14xxx/CVE-2017-14304.json | 120 +++--- 2017/14xxx/CVE-2017-14572.json | 120 +++--- 2017/14xxx/CVE-2017-14671.json | 34 +- 2017/14xxx/CVE-2017-14966.json | 120 +++--- 2017/15xxx/CVE-2017-15280.json | 130 +++--- 2017/15xxx/CVE-2017-15699.json | 132 +++--- 2017/15xxx/CVE-2017-15867.json | 130 +++--- 2017/15xxx/CVE-2017-15997.json | 120 +++--- 2017/17xxx/CVE-2017-17517.json | 120 +++--- 2017/9xxx/CVE-2017-9473.json | 130 +++--- 2017/9xxx/CVE-2017-9642.json | 34 +- 2017/9xxx/CVE-2017-9663.json | 130 +++--- 2017/9xxx/CVE-2017-9748.json | 140 +++---- 2017/9xxx/CVE-2017-9781.json | 130 +++--- 2018/0xxx/CVE-2018-0141.json | 140 +++---- 2018/0xxx/CVE-2018-0555.json | 130 +++--- 2018/0xxx/CVE-2018-0582.json | 130 +++--- 2018/0xxx/CVE-2018-0692.json | 120 +++--- 2018/0xxx/CVE-2018-0761.json | 142 +++---- 2018/1000xxx/CVE-2018-1000425.json | 134 +++--- 2018/1000xxx/CVE-2018-1000507.json | 126 +++--- 2018/16xxx/CVE-2018-16132.json | 120 +++--- 2018/16xxx/CVE-2018-16564.json | 34 +- 2018/16xxx/CVE-2018-16867.json | 160 ++++---- 2018/19xxx/CVE-2018-19257.json | 34 +- 2018/19xxx/CVE-2018-19259.json | 34 +- 2018/19xxx/CVE-2018-19635.json | 148 +++---- 2018/19xxx/CVE-2018-19745.json | 34 +- 2018/4xxx/CVE-2018-4031.json | 34 +- 2018/4xxx/CVE-2018-4177.json | 34 +- 2018/4xxx/CVE-2018-4821.json | 34 +- 65 files changed, 4588 insertions(+), 4588 deletions(-) diff --git a/2004/1xxx/CVE-2004-1272.json b/2004/1xxx/CVE-2004-1272.json index d16d5a4e0ab..aceb86d8279 100644 --- a/2004/1xxx/CVE-2004-1272.json +++ b/2004/1xxx/CVE-2004-1272.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/elm-bolthole-filter.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/elm-bolthole-filter.txt" - }, - { - "name" : "elm-bolthole-bo(18607)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tigger.uic.edu/~jlongs2/holes/elm-bolthole-filter.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/elm-bolthole-filter.txt" + }, + { + "name": "elm-bolthole-bo(18607)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18607" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1452.json b/2004/1xxx/CVE-2004-1452.json index 97c5e27a9ce..167782b5b7b 100644 --- a/2004/1xxx/CVE-2004-1452.json +++ b/2004/1xxx/CVE-2004-1452.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200408-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml" - }, - { - "name" : "10951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10951" - }, - { - "name" : "12296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12296/" - }, - { - "name" : "gentoo-tomcat-gain-privileges(16993)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10951" + }, + { + "name": "gentoo-tomcat-gain-privileges(16993)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16993" + }, + { + "name": "GLSA-200408-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-15.xml" + }, + { + "name": "12296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12296/" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0013.json b/2008/0xxx/CVE-2008-0013.json index bf0d106d6dc..6fd4709b08c 100644 --- a/2008/0xxx/CVE-2008-0013.json +++ b/2008/0xxx/CVE-2008-0013.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/310.html" - }, - { - "name" : "http://blogs.iss.net/archive/trend.html", - "refsource" : "MISC", - "url" : "http://blogs.iss.net/archive/trend.html" - }, - { - "name" : "VU#768681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/768681" - }, - { - "name" : "32261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32261" - }, - { - "name" : "ADV-2008-3127", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3127" - }, - { - "name" : "32618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32618" - }, - { - "name" : "application-rpc-config2-bo(39919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32618" + }, + { + "name": "32261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32261" + }, + { + "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", + "refsource": "ISS", + "url": "http://www.iss.net/threats/310.html" + }, + { + "name": "application-rpc-config2-bo(39919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39919" + }, + { + "name": "VU#768681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/768681" + }, + { + "name": "http://blogs.iss.net/archive/trend.html", + "refsource": "MISC", + "url": "http://blogs.iss.net/archive/trend.html" + }, + { + "name": "ADV-2008-3127", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3127" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0535.json b/2008/0xxx/CVE-2008-0535.json index 085c7d9e20c..f3d9fd300c7 100644 --- a/2008/0xxx/CVE-2008-0535.json +++ b/2008/0xxx/CVE-2008-0535.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via \"SSH credentials that attempt to change the authentication method,\" aka Bug ID CSCsm14239." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-0535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.icon-labs.com/news/read.asp?newsID=77", - "refsource" : "CONFIRM", - "url" : "http://www.icon-labs.com/news/read.asp?newsID=77" - }, - { - "name" : "20080521 Cisco Service Control Engine Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml" - }, - { - "name" : "VU#626979", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/626979" - }, - { - "name" : "29316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29316" - }, - { - "name" : "29609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29609" - }, - { - "name" : "ADV-2008-1604", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1604/references" - }, - { - "name" : "ADV-2008-1774", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1774/references" - }, - { - "name" : "1020074", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020074" - }, - { - "name" : "30316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30316" - }, - { - "name" : "30590", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30590" - }, - { - "name" : "cisco-sce-ssh-credentials-dos(42567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via \"SSH credentials that attempt to change the authentication method,\" aka Bug ID CSCsm14239." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30316" + }, + { + "name": "ADV-2008-1774", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1774/references" + }, + { + "name": "30590", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30590" + }, + { + "name": "29609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29609" + }, + { + "name": "VU#626979", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/626979" + }, + { + "name": "http://www.icon-labs.com/news/read.asp?newsID=77", + "refsource": "CONFIRM", + "url": "http://www.icon-labs.com/news/read.asp?newsID=77" + }, + { + "name": "20080521 Cisco Service Control Engine Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml" + }, + { + "name": "1020074", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020074" + }, + { + "name": "29316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29316" + }, + { + "name": "cisco-sce-ssh-credentials-dos(42567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42567" + }, + { + "name": "ADV-2008-1604", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1604/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0990.json b/2008/0xxx/CVE-2008-0990.json index b09655fff6e..1e772fd6697 100644 --- a/2008/0xxx/CVE-2008-0990.json +++ b/2008/0xxx/CVE-2008-0990.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "TA08-079A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" - }, - { - "name" : "28345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28345" - }, - { - "name" : "28304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28304" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1019663", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019663" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "macos-notifyd-dos(41289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28345" + }, + { + "name": "28304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28304" + }, + { + "name": "TA08-079A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "1019663", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019663" + }, + { + "name": "macos-notifyd-dos(41289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41289" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3268.json b/2008/3xxx/CVE-2008-3268.json index 42261151a72..8c82d19ef8b 100644 --- a/2008/3xxx/CVE-2008-3268.json +++ b/2008/3xxx/CVE-2008-3268.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=614202", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=614202" - }, - { - "name" : "30300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30300" - }, - { - "name" : "31147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31147" - }, - { - "name" : "phpscheduleit-unspecified-security-bypass(43900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=614202", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=614202" + }, + { + "name": "30300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30300" + }, + { + "name": "phpscheduleit-unspecified-security-bypass(43900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43900" + }, + { + "name": "31147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31147" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3490.json b/2008/3xxx/CVE-2008-3490.json index 4f65c385f81..729bea9f57a 100644 --- a/2008/3xxx/CVE-2008-3490.json +++ b/2008/3xxx/CVE-2008-3490.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6184", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6184" - }, - { - "name" : "30503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30503" - }, - { - "name" : "31346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31346" - }, - { - "name" : "4113", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4113" - }, - { - "name" : "onlinedating-mail-sql-injection(44165)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "onlinedating-mail-sql-injection(44165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44165" + }, + { + "name": "30503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30503" + }, + { + "name": "4113", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4113" + }, + { + "name": "6184", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6184" + }, + { + "name": "31346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31346" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3754.json b/2008/3xxx/CVE-2008-3754.json index 39338e00010..d5f9c1495e8 100644 --- a/2008/3xxx/CVE-2008-3754.json +++ b/2008/3xxx/CVE-2008-3754.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/0808-exploits/stylishtextads-sql.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0808-exploits/stylishtextads-sql.txt" - }, - { - "name" : "30766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30766" + }, + { + "name": "http://www.packetstormsecurity.org/0808-exploits/stylishtextads-sql.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0808-exploits/stylishtextads-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3999.json b/2008/3xxx/CVE-2008-3999.json index d663d2a9fbe..1c7840845d4 100644 --- a/2008/3xxx/CVE-2008-3999.json +++ b/2008/3xxx/CVE-2008-3999.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-3999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "51349", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51349" - }, - { - "name" : "1021561", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021561" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "1021561", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021561" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "51349", + "refsource": "OSVDB", + "url": "http://osvdb.org/51349" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4019.json b/2008/4xxx/CVE-2008-4019.json index dc306a8fbce..a91ed93a7bd 100644 --- a/2008/4xxx/CVE-2008-4019.json +++ b/2008/4xxx/CVE-2008-4019.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka \"Formula Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-4019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02379", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "SSRT080143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "MS08-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057" - }, - { - "name" : "TA08-288A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" - }, - { - "name" : "31706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31706" - }, - { - "name" : "oval:org.mitre.oval:def:6102", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102" - }, - { - "name" : "ADV-2008-2808", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2808" - }, - { - "name" : "1021044", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021044" - }, - { - "name" : "32211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32211" - }, - { - "name" : "excel-rept-code-execution(45580)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45580" - }, - { - "name" : "win-ms08kb956416-update(45581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka \"Formula Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "excel-rept-code-execution(45580)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45580" + }, + { + "name": "SSRT080143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "1021044", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021044" + }, + { + "name": "ADV-2008-2808", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2808" + }, + { + "name": "MS08-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057" + }, + { + "name": "HPSBST02379", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "win-ms08kb956416-update(45581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581" + }, + { + "name": "oval:org.mitre.oval:def:6102", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102" + }, + { + "name": "TA08-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" + }, + { + "name": "32211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32211" + }, + { + "name": "31706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31706" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4070.json b/2008/4xxx/CVE-2008-4070.json index 81a4701221c..8579067beb1 100644 --- a/2008/4xxx/CVE-2008-4070.json +++ b/2008/4xxx/CVE-2008-4070.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to \"canceling [a] newsgroup message\" and \"cancelled newsgroup messages.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-46.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-46.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=425152", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=425152" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "DSA-1696", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1696" - }, - { - "name" : "MDVSA-2008:206", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206" - }, - { - "name" : "RHSA-2008:0908", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0908.html" - }, - { - "name" : "SSA:2008-269-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422" - }, - { - "name" : "SSA:2008-270-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html" - }, - { - "name" : "USN-647-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-647-1" - }, - { - "name" : "31411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31411" - }, - { - "name" : "oval:org.mitre.oval:def:10933", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10933" - }, - { - "name" : "1020948", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020948" - }, - { - "name" : "32025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32025" - }, - { - "name" : "32092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32092" - }, - { - "name" : "32044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32044" - }, - { - "name" : "32082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32082" - }, - { - "name" : "32010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32010" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "33434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33434" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "32196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32196" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - }, - { - "name" : "mozilla-newsgroupmessage-bo(45426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to \"canceling [a] newsgroup message\" and \"cancelled newsgroup messages.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32025" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=425152", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=425152" + }, + { + "name": "MDVSA-2008:206", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206" + }, + { + "name": "32010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32010" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "SUSE-SA:2008:050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html" + }, + { + "name": "mozilla-newsgroupmessage-bo(45426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45426" + }, + { + "name": "32196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32196" + }, + { + "name": "oval:org.mitre.oval:def:10933", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10933" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "SSA:2008-269-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422" + }, + { + "name": "1020948", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020948" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "32092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32092" + }, + { + "name": "DSA-1696", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1696" + }, + { + "name": "USN-647-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-647-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-46.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-46.html" + }, + { + "name": "33434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33434" + }, + { + "name": "SSA:2008-270-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123" + }, + { + "name": "32044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32044" + }, + { + "name": "RHSA-2008:0908", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0908.html" + }, + { + "name": "31411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31411" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + }, + { + "name": "32082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32082" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4180.json b/2008/4xxx/CVE-2008-4180.json index 41c23875327..70a37dfb452 100644 --- a/2008/4xxx/CVE-2008-4180.json +++ b/2008/4xxx/CVE-2008-4180.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a \"localhost\" g_dbhost parameter value, related to a \"Mysql Remote Brute Force Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080911 Nooms 1.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496236/100/0/threaded" - }, - { - "name" : "4289", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4289" - }, - { - "name" : "nooms-db-information-disclosure(45076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a \"localhost\" g_dbhost parameter value, related to a \"Mysql Remote Brute Force Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4289", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4289" + }, + { + "name": "20080911 Nooms 1.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496236/100/0/threaded" + }, + { + "name": "nooms-db-information-disclosure(45076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45076" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4775.json b/2008/4xxx/CVE-2008-4775.json index 80aed44f8c6..06a10734560 100644 --- a/2008/4xxx/CVE-2008-4775.json +++ b/2008/4xxx/CVE-2008-4775.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081027 XSS in phpMyadmin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497815/100/0/threaded" - }, - { - "name" : "FEDORA-2008-9316", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00908.html" - }, - { - "name" : "FEDORA-2008-9336", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00925.html" - }, - { - "name" : "GLSA-200903-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-32.xml" - }, - { - "name" : "31928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31928" - }, - { - "name" : "ADV-2008-2943", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2943" - }, - { - "name" : "32449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32449" - }, - { - "name" : "32482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32482" - }, - { - "name" : "4516", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4516" - }, - { - "name" : "phpmyadmin-pmdpdf-xss(46136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-9316", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00908.html" + }, + { + "name": "GLSA-200903-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-32.xml" + }, + { + "name": "32449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32449" + }, + { + "name": "phpmyadmin-pmdpdf-xss(46136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46136" + }, + { + "name": "20081027 XSS in phpMyadmin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497815/100/0/threaded" + }, + { + "name": "ADV-2008-2943", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2943" + }, + { + "name": "4516", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4516" + }, + { + "name": "31928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31928" + }, + { + "name": "32482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32482" + }, + { + "name": "FEDORA-2008-9336", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00925.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4891.json b/2008/4xxx/CVE-2008-4891.json index 33a8fb9899f..a4293f1e055 100644 --- a/2008/4xxx/CVE-2008-4891.json +++ b/2008/4xxx/CVE-2008-4891.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/88/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/88/45/" - }, - { - "name" : "http://www.planetluc.com/en/news/20081101_xss.php?navurl=/en/news.php", - "refsource" : "CONFIRM", - "url" : "http://www.planetluc.com/en/news/20081101_xss.php?navurl=/en/news.php" - }, - { - "name" : "32068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32068" - }, - { - "name" : "32506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32506" - }, - { - "name" : "signme-hash-xss(46199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32068" + }, + { + "name": "http://www.planetluc.com/en/news/20081101_xss.php?navurl=/en/news.php", + "refsource": "CONFIRM", + "url": "http://www.planetluc.com/en/news/20081101_xss.php?navurl=/en/news.php" + }, + { + "name": "32506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32506" + }, + { + "name": "signme-hash-xss(46199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46199" + }, + { + "name": "http://holisticinfosec.org/content/view/88/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/88/45/" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7218.json b/2008/7xxx/CVE-2008-7218.json index 3586de69eab..dad29c74afb 100644 --- a/2008/7xxx/CVE-2008-7218.json +++ b/2008/7xxx/CVE-2008-7218.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20080109 Horde 3.1.6 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000360.html" - }, - { - "name" : "[announce] 20080109 Horde Groupware 1.0.3 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000365.html" - }, - { - "name" : "[announce] 20080109 Kronolith H3 (2.1.7) (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000362.html" - }, - { - "name" : "[announce] 20080109 Mnemo H3 (2.1.2) (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000364.html" - }, - { - "name" : "[announce] 20080109 Nag H3 (2.1.4) (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000363.html" - }, - { - "name" : "[announce] 20080109 Turba H3 (2.1.6) (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000361.html" - }, - { - "name" : "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000366.html" - }, - { - "name" : "[announce] 20080122 Horde 3.2-RC2", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000374.html" - }, - { - "name" : "[announce] 20080122 Kronolith H3 (2.2-RC2)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000371.html" - }, - { - "name" : "[announce] 20080122 Mnemo H3 (2.2-RC2)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000369.html" - }, - { - "name" : "[announce] 20080122 Nag H3 (2.2-RC2)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000368.html" - }, - { - "name" : "[announce] 20080122 Turba H3 (2.2-RC2)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000367.html" - }, - { - "name" : "[announce] 20080206 Horde Groupware 1.1-RC2", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000376.html" - }, - { - "name" : "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2008/000377.html" - }, - { - "name" : "FEDORA-2008-2212", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html" - }, - { - "name" : "27217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27217" - }, - { - "name" : "42775", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/42775" - }, - { - "name" : "28382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28382" - }, - { - "name" : "horde-hordeapi-privilege-escalation(39599)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[announce] 20080122 Kronolith H3 (2.2-RC2)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000371.html" + }, + { + "name": "[announce] 20080122 Mnemo H3 (2.2-RC2)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000369.html" + }, + { + "name": "[announce] 20080109 Nag H3 (2.1.4) (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000363.html" + }, + { + "name": "27217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27217" + }, + { + "name": "[announce] 20080109 Horde Groupware 1.0.3 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000365.html" + }, + { + "name": "[announce] 20080206 Horde Groupware 1.1-RC2", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000376.html" + }, + { + "name": "[announce] 20080122 Turba H3 (2.2-RC2)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000367.html" + }, + { + "name": "FEDORA-2008-2212", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html" + }, + { + "name": "[announce] 20080109 Horde 3.1.6 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000360.html" + }, + { + "name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000364.html" + }, + { + "name": "28382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28382" + }, + { + "name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000377.html" + }, + { + "name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000366.html" + }, + { + "name": "[announce] 20080109 Turba H3 (2.1.6) (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000361.html" + }, + { + "name": "horde-hordeapi-privilege-escalation(39599)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599" + }, + { + "name": "[announce] 20080122 Horde 3.2-RC2", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000374.html" + }, + { + "name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000362.html" + }, + { + "name": "[announce] 20080122 Nag H3 (2.2-RC2)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2008/000368.html" + }, + { + "name": "42775", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/42775" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7231.json b/2008/7xxx/CVE-2008-7231.json index df7a0a45ddc..fb6514d7efb 100644 --- a/2008/7xxx/CVE-2008-7231.json +++ b/2008/7xxx/CVE-2008-7231.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1) document (subGeneralProps:dmpvDocTitle:PROP_W_title) or (2) container (subGeneralProps:dmpvContainerTitle:PROP_W_title)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://labs.mwrinfosecurity.com/advisories/meridio_cross_site_scripting_vulnerability/", - "refsource" : "MISC", - "url" : "http://labs.mwrinfosecurity.com/advisories/meridio_cross_site_scripting_vulnerability/" - }, - { - "name" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_meridio-advisory-embedded-xss_2008-01-15.pdf", - "refsource" : "MISC", - "url" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_meridio-advisory-embedded-xss_2008-01-15.pdf" - }, - { - "name" : "27721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27721" - }, - { - "name" : "documentsandrecordsmanagement-title-xss(40422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1) document (subGeneralProps:dmpvDocTitle:PROP_W_title) or (2) container (subGeneralProps:dmpvContainerTitle:PROP_W_title)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://labs.mwrinfosecurity.com/advisories/meridio_cross_site_scripting_vulnerability/", + "refsource": "MISC", + "url": "http://labs.mwrinfosecurity.com/advisories/meridio_cross_site_scripting_vulnerability/" + }, + { + "name": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_meridio-advisory-embedded-xss_2008-01-15.pdf", + "refsource": "MISC", + "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_meridio-advisory-embedded-xss_2008-01-15.pdf" + }, + { + "name": "documentsandrecordsmanagement-title-xss(40422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40422" + }, + { + "name": "27721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27721" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2086.json b/2013/2xxx/CVE-2013-2086.json index f25516a8a0b..7b5442d22e6 100644 --- a/2013/2xxx/CVE-2013-2086.json +++ b/2013/2xxx/CVE-2013-2086.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-027/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-027/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2013-027/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-027/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2137.json b/2013/2xxx/CVE-2013-2137.json index 6e09faa6f36..bbdc537d52e 100644 --- a/2013/2xxx/CVE-2013-2137.json +++ b/2013/2xxx/CVE-2013-2137.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"View Log\" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130720 [CVE-2013-2137] Apache OFBiz XSS vulnerability in the \"View Log\" screen of the Webtools application", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0144.html" - }, - { - "name" : "http://ofbiz.apache.org/download.html#vulnerabilities", - "refsource" : "CONFIRM", - "url" : "http://ofbiz.apache.org/download.html#vulnerabilities" - }, - { - "name" : "61370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61370" - }, - { - "name" : "95523", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95523" - }, - { - "name" : "53910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53910" - }, - { - "name" : "apache-ofbiz-cve20132137-xss(85874)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the \"View Log\" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apache-ofbiz-cve20132137-xss(85874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85874" + }, + { + "name": "http://ofbiz.apache.org/download.html#vulnerabilities", + "refsource": "CONFIRM", + "url": "http://ofbiz.apache.org/download.html#vulnerabilities" + }, + { + "name": "53910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53910" + }, + { + "name": "61370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61370" + }, + { + "name": "20130720 [CVE-2013-2137] Apache OFBiz XSS vulnerability in the \"View Log\" screen of the Webtools application", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0144.html" + }, + { + "name": "95523", + "refsource": "OSVDB", + "url": "http://osvdb.org/95523" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2471.json b/2013/2xxx/CVE-2013-2471.json index 77e73a67f9b..4a6b3931bf1 100644 --- a/2013/2xxx/CVE-2013-2471.json +++ b/2013/2xxx/CVE-2013-2471.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect IntegerComponentRaster size checks.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/4c3d38927a26", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/4c3d38927a26" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975102", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975102" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2013-0185.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2013-0185.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02922", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "SSRT101305", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "MDVSA-2013:183", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1081", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1081.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1293", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "SUSE-SU-2013:1263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" - }, - { - "name" : "SUSE-SU-2013:1264", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60659" - }, - { - "name" : "oval:org.mitre.oval:def:16840", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16840" - }, - { - "name" : "oval:org.mitre.oval:def:19295", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19295" - }, - { - "name" : "oval:org.mitre.oval:def:19413", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19413" - }, - { - "name" : "oval:org.mitre.oval:def:19441", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19441" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect IntegerComponentRaster size checks.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "oval:org.mitre.oval:def:16840", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16840" + }, + { + "name": "oval:org.mitre.oval:def:19441", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19441" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "SUSE-SU-2013:1264", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19413", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19413" + }, + { + "name": "SUSE-SU-2013:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT101305", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "HPSBUX02922", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/4c3d38927a26", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/4c3d38927a26" + }, + { + "name": "oval:org.mitre.oval:def:19295", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19295" + }, + { + "name": "SUSE-SU-2013:1263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" + }, + { + "name": "60659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60659" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "SUSE-SU-2013:1293", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" + }, + { + "name": "RHSA-2013:1081", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "http://advisories.mageia.org/MGASA-2013-0185.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2013-0185.html" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "MDVSA-2013:183", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975102", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975102" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2554.json b/2013/2xxx/CVE-2013-2554.json index 6c0c648aa8c..b9cb7e677e8 100644 --- a/2013/2xxx/CVE-2013-2554.json +++ b/2013/2xxx/CVE-2013-2554.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", - "refsource" : "MISC", - "url" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" - }, - { - "name" : "http://twitter.com/thezdi/statuses/309484730506698752", - "refsource" : "MISC", - "url" : "http://twitter.com/thezdi/statuses/309484730506698752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://twitter.com/thezdi/statuses/309484730506698752", + "refsource": "MISC", + "url": "http://twitter.com/thezdi/statuses/309484730506698752" + }, + { + "name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", + "refsource": "MISC", + "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3327.json b/2013/3xxx/CVE-2013-3327.json index 26323341af2..090f7d47b7a 100644 --- a/2013/3xxx/CVE-2013-3327.json +++ b/2013/3xxx/CVE-2013-3327.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-3327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html" - }, - { - "name" : "RHSA-2013:0825", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0825.html" - }, - { - "name" : "SUSE-SU-2013:0798", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:0892", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:0954", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" - }, - { - "name" : "oval:org.mitre.oval:def:16897", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16897" - }, - { - "name" : "53442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0892", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" + }, + { + "name": "53442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53442" + }, + { + "name": "SUSE-SU-2013:0798", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" + }, + { + "name": "openSUSE-SU-2013:0954", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html" + }, + { + "name": "oval:org.mitre.oval:def:16897", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16897" + }, + { + "name": "RHSA-2013:0825", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6300.json b/2013/6xxx/CVE-2013-6300.json index 14535752d43..3bc1db845cb 100644 --- a/2013/6xxx/CVE-2013-6300.json +++ b/2013/6xxx/CVE-2013-6300.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110" - }, - { - "name" : "ibm-algo-one-cve20136300-xss(88526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-algo-one-cve20136300-xss(88526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88526" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6386.json b/2013/6xxx/CVE-2013-6386.json index 20a96b2d9b9..a3309e8de3c 100644 --- a/2013/6xxx/CVE-2013-6386.json +++ b/2013/6xxx/CVE-2013-6386.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131122 SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/22/4" - }, - { - "name" : "https://drupal.org/SA-CORE-2013-003", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/SA-CORE-2013-003" - }, - { - "name" : "DSA-2828", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2828" - }, - { - "name" : "DSA-2804", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2804" - }, - { - "name" : "56148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56148" + }, + { + "name": "DSA-2828", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2828" + }, + { + "name": "[oss-security] 20131122 SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/22/4" + }, + { + "name": "https://drupal.org/SA-CORE-2013-003", + "refsource": "CONFIRM", + "url": "https://drupal.org/SA-CORE-2013-003" + }, + { + "name": "DSA-2804", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2804" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6752.json b/2013/6xxx/CVE-2013-6752.json index 9104fafcf5c..9a842fd39cf 100644 --- a/2013/6xxx/CVE-2013-6752.json +++ b/2013/6xxx/CVE-2013-6752.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6752", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6752", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6821.json b/2013/6xxx/CVE-2013-6821.json index 7369dd4dd41..4ef3beca2a0 100644 --- a/2013/6xxx/CVE-2013-6821.json +++ b/2013/6xxx/CVE-2013-6821.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/dsecrg-13-003-sap-netweaver-exportability-check-service-unauthorized-directory-traversal/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/dsecrg-13-003-sap-netweaver-exportability-check-service-unauthorized-directory-traversal/" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1628537", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1628537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://service.sap.com/sap/support/notes/1628537", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1628537" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "https://erpscan.io/advisories/dsecrg-13-003-sap-netweaver-exportability-check-service-unauthorized-directory-traversal/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/dsecrg-13-003-sap-netweaver-exportability-check-service-unauthorized-directory-traversal/" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6854.json b/2013/6xxx/CVE-2013-6854.json index 004879257cf..fc3a2de9aa9 100644 --- a/2013/6xxx/CVE-2013-6854.json +++ b/2013/6xxx/CVE-2013-6854.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6854", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6854", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7316.json b/2013/7xxx/CVE-2013-7316.json index cae51acf6d9..d66ef98a743 100644 --- a/2013/7xxx/CVE-2013-7316.json +++ b/2013/7xxx/CVE-2013-7316.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30329", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30329" - }, - { - "name" : "https://www.gitlab.com/2014/01/30/xss-vulnerability-in-gitlab/", - "refsource" : "CONFIRM", - "url" : "https://www.gitlab.com/2014/01/30/xss-vulnerability-in-gitlab/" - }, - { - "name" : "64490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64490" - }, - { - "name" : "gitlab-readme-xss(89932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.gitlab.com/2014/01/30/xss-vulnerability-in-gitlab/", + "refsource": "CONFIRM", + "url": "https://www.gitlab.com/2014/01/30/xss-vulnerability-in-gitlab/" + }, + { + "name": "64490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64490" + }, + { + "name": "30329", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30329" + }, + { + "name": "gitlab-readme-xss(89932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89932" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7446.json b/2013/7xxx/CVE-2013-7446.json index fbe950a750a..d7ec7c06d58 100644 --- a/2013/7xxx/CVE-2013-7446.json +++ b/2013/7xxx/CVE-2013-7446.json @@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20131014 Re: epoll oops.", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2013/10/14/424" - }, - { - "name" : "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2014/5/15/532" - }, - { - "name" : "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2015/9/13/195" - }, - { - "name" : "[netdev] 20150304 [PATCH net] af_unix: don't poll dead peers", - "refsource" : "MLIST", - "url" : "http://www.spinics.net/lists/netdev/msg318826.html" - }, - { - "name" : "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/18/16" - }, - { - "name" : "https://forums.grsecurity.net/viewtopic.php?f=3&t=4150", - "refsource" : "MISC", - "url" : "https://forums.grsecurity.net/viewtopic.php?f=3&t=4150" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1282688", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" - }, - { - "name" : "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" - }, - { - "name" : "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8" - }, - { - "name" : "DSA-3426", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3426" - }, - { - "name" : "openSUSE-SU-2016:1641", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" - }, - { - "name" : "SUSE-SU-2016:2000", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" - }, - { - "name" : "SUSE-SU-2016:2001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" - }, - { - "name" : "SUSE-SU-2016:2002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" - }, - { - "name" : "SUSE-SU-2016:2003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" - }, - { - "name" : "SUSE-SU-2016:2006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" - }, - { - "name" : "SUSE-SU-2016:2007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:2010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" - }, - { - "name" : "SUSE-SU-2016:2011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" - }, - { - "name" : "SUSE-SU-2016:1961", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2016:1994", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:1995", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" - }, - { - "name" : "SUSE-SU-2016:2005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" - }, - { - "name" : "SUSE-SU-2016:2009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" - }, - { - "name" : "SUSE-SU-2016:2014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" - }, - { - "name" : "SUSE-SU-2016:1102", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" - }, - { - "name" : "SUSE-SU-2016:0745", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" - }, - { - "name" : "SUSE-SU-2016:0746", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" - }, - { - "name" : "SUSE-SU-2016:0747", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" - }, - { - "name" : "SUSE-SU-2016:0749", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" - }, - { - "name" : "SUSE-SU-2016:0750", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0751", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" - }, - { - "name" : "SUSE-SU-2016:0752", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" - }, - { - "name" : "SUSE-SU-2016:0753", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" - }, - { - "name" : "SUSE-SU-2016:0754", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" - }, - { - "name" : "SUSE-SU-2016:0755", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" - }, - { - "name" : "SUSE-SU-2016:0756", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" - }, - { - "name" : "SUSE-SU-2016:0757", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" - }, - { - "name" : "USN-2886-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2886-1" - }, - { - "name" : "USN-2887-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2887-1" - }, - { - "name" : "USN-2887-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2887-2" - }, - { - "name" : "USN-2888-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2888-1" - }, - { - "name" : "USN-2889-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2889-1" - }, - { - "name" : "USN-2889-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2889-2" - }, - { - "name" : "USN-2890-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2890-1" - }, - { - "name" : "USN-2890-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2890-2" - }, - { - "name" : "USN-2890-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2890-3" - }, - { - "name" : "77638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77638" - }, - { - "name" : "1034557", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:0750", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" + }, + { + "name": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8" + }, + { + "name": "1034557", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034557" + }, + { + "name": "SUSE-SU-2016:2010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" + }, + { + "name": "SUSE-SU-2016:2011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" + }, + { + "name": "SUSE-SU-2016:2003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" + }, + { + "name": "SUSE-SU-2016:0751", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" + }, + { + "name": "SUSE-SU-2016:0747", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" + }, + { + "name": "SUSE-SU-2016:0755", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" + }, + { + "name": "SUSE-SU-2016:1994", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" + }, + { + "name": "USN-2887-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2887-2" + }, + { + "name": "https://forums.grsecurity.net/viewtopic.php?f=3&t=4150", + "refsource": "MISC", + "url": "https://forums.grsecurity.net/viewtopic.php?f=3&t=4150" + }, + { + "name": "SUSE-SU-2016:0757", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" + }, + { + "name": "SUSE-SU-2016:1961", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" + }, + { + "name": "SUSE-SU-2016:2001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" + }, + { + "name": "[netdev] 20150304 [PATCH net] af_unix: don't poll dead peers", + "refsource": "MLIST", + "url": "http://www.spinics.net/lists/netdev/msg318826.html" + }, + { + "name": "SUSE-SU-2016:0753", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" + }, + { + "name": "USN-2886-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2886-1" + }, + { + "name": "USN-2887-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2887-1" + }, + { + "name": "USN-2890-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2890-3" + }, + { + "name": "SUSE-SU-2016:2006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" + }, + { + "name": "USN-2889-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2889-1" + }, + { + "name": "SUSE-SU-2016:2014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" + }, + { + "name": "openSUSE-SU-2016:1641", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" + }, + { + "name": "USN-2889-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2889-2" + }, + { + "name": "SUSE-SU-2016:0746", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" + }, + { + "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2015/9/13/195" + }, + { + "name": "SUSE-SU-2016:0749", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" + }, + { + "name": "SUSE-SU-2016:1102", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" + }, + { + "name": "77638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77638" + }, + { + "name": "SUSE-SU-2016:2009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" + }, + { + "name": "SUSE-SU-2016:2005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" + }, + { + "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2014/5/15/532" + }, + { + "name": "SUSE-SU-2016:2007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "USN-2890-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2890-2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" + }, + { + "name": "SUSE-SU-2016:2000", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" + }, + { + "name": "SUSE-SU-2016:0745", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" + }, + { + "name": "DSA-3426", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3426" + }, + { + "name": "SUSE-SU-2016:1995", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" + }, + { + "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" + }, + { + "name": "SUSE-SU-2016:2002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" + }, + { + "name": "[linux-kernel] 20131014 Re: epoll oops.", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2013/10/14/424" + }, + { + "name": "SUSE-SU-2016:0756", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" + }, + { + "name": "USN-2890-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2890-1" + }, + { + "name": "SUSE-SU-2016:0754", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" + }, + { + "name": "SUSE-SU-2016:0752", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" + }, + { + "name": "USN-2888-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2888-1" + }, + { + "name": "SUSE-SU-2016:0911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10305.json b/2017/10xxx/CVE-2017-10305.json index 5d4dba202cc..4e48eed491a 100644 --- a/2017/10xxx/CVE-2017-10305.json +++ b/2017/10xxx/CVE-2017-10305.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10305", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10305", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10331.json b/2017/10xxx/CVE-2017-10331.json index 1b08c126543..d44bf1494b8 100644 --- a/2017/10xxx/CVE-2017-10331.json +++ b/2017/10xxx/CVE-2017-10331.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Object Library", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Object Library", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101391" - }, - { - "name" : "1039592", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101391" + }, + { + "name": "1039592", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039592" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10566.json b/2017/10xxx/CVE-2017-10566.json index baee53605b8..b843ae4f902 100644 --- a/2017/10xxx/CVE-2017-10566.json +++ b/2017/10xxx/CVE-2017-10566.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10566", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10566", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10765.json b/2017/10xxx/CVE-2017-10765.json index e8bf52dc38c..9f5880b41f5 100644 --- a/2017/10xxx/CVE-2017-10765.json +++ b/2017/10xxx/CVE-2017-10765.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10804.json b/2017/10xxx/CVE-2017-10804.json index dd6c009bd55..33686207d99 100644 --- a/2017/10xxx/CVE-2017-10804.json +++ b/2017/10xxx/CVE-2017-10804.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://initd.org/psycopg/docs/news.html#what-s-new-in-psycopg-2-6-3", - "refsource" : "CONFIRM", - "url" : "http://initd.org/psycopg/docs/news.html#what-s-new-in-psycopg-2-6-3" - }, - { - "name" : "https://github.com/odoo/odoo/issues/17914", - "refsource" : "CONFIRM", - "url" : "https://github.com/odoo/odoo/issues/17914" - }, - { - "name" : "https://github.com/psycopg/psycopg2/issues/420", - "refsource" : "CONFIRM", - "url" : "https://github.com/psycopg/psycopg2/issues/420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/odoo/odoo/issues/17914", + "refsource": "CONFIRM", + "url": "https://github.com/odoo/odoo/issues/17914" + }, + { + "name": "http://initd.org/psycopg/docs/news.html#what-s-new-in-psycopg-2-6-3", + "refsource": "CONFIRM", + "url": "http://initd.org/psycopg/docs/news.html#what-s-new-in-psycopg-2-6-3" + }, + { + "name": "https://github.com/psycopg/psycopg2/issues/420", + "refsource": "CONFIRM", + "url": "https://github.com/psycopg/psycopg2/issues/420" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14059.json b/2017/14xxx/CVE-2017-14059.json index fd0960154e5..9ab9454086e 100644 --- a/2017/14xxx/CVE-2017-14059.json +++ b/2017/14xxx/CVE-2017-14059.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large \"duration\" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6" - }, - { - "name" : "DSA-3996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3996" - }, - { - "name" : "100631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large \"duration\" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100631" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6" + }, + { + "name": "DSA-3996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3996" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14304.json b/2017/14xxx/CVE-2017-14304.json index ea746ef4bb1..f5b1173ba1a 100644 --- a/2017/14xxx/CVE-2017-14304.json +++ b/2017/14xxx/CVE-2017-14304.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14304", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14304", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14304" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14572.json b/2017/14xxx/CVE-2017-14572.json index 48fb085212f..623dd5f15b2 100644 --- a/2017/14xxx/CVE-2017-14572.json +++ b/2017/14xxx/CVE-2017-14572.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14572", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14572", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14572" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14671.json b/2017/14xxx/CVE-2017-14671.json index 09331074cf4..7b718630104 100644 --- a/2017/14xxx/CVE-2017-14671.json +++ b/2017/14xxx/CVE-2017-14671.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14671", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14671", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14966.json b/2017/14xxx/CVE-2017-14966.json index c838bbf822b..c5964857eec 100644 --- a/2017/14xxx/CVE-2017-14966.json +++ b/2017/14xxx/CVE-2017-14966.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.greyhathacker.net/?p=995", - "refsource" : "MISC", - "url" : "http://www.greyhathacker.net/?p=995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.greyhathacker.net/?p=995", + "refsource": "MISC", + "url": "http://www.greyhathacker.net/?p=995" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15280.json b/2017/15xxx/CVE-2017-15280.json index 2d19bcaa64a..f2ae5a5e86b 100644 --- a/2017/15xxx/CVE-2017-15280.json +++ b/2017/15xxx/CVE-2017-15280.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://issues.umbraco.org/issue/U4-10506", - "refsource" : "CONFIRM", - "url" : "http://issues.umbraco.org/issue/U4-10506" - }, - { - "name" : "https://github.com/umbraco/Umbraco-CMS/commit/5dde2efe0d2b3a47d17439e03acabb7ea2befb64", - "refsource" : "CONFIRM", - "url" : "https://github.com/umbraco/Umbraco-CMS/commit/5dde2efe0d2b3a47d17439e03acabb7ea2befb64" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/umbraco/Umbraco-CMS/commit/5dde2efe0d2b3a47d17439e03acabb7ea2befb64", + "refsource": "CONFIRM", + "url": "https://github.com/umbraco/Umbraco-CMS/commit/5dde2efe0d2b3a47d17439e03acabb7ea2befb64" + }, + { + "name": "http://issues.umbraco.org/issue/U4-10506", + "refsource": "CONFIRM", + "url": "http://issues.umbraco.org/issue/U4-10506" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15699.json b/2017/15xxx/CVE-2017-15699.json index 9cdd6156385..3ad85ecfb63 100644 --- a/2017/15xxx/CVE-2017-15699.json +++ b/2017/15xxx/CVE-2017-15699.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2017-15699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Qpid Dispatch Router", - "version" : { - "version_data" : [ - { - "version_value" : "Apache Qpid Dispatch Router 0.7.0 and 0.8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2017-15699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Qpid Dispatch Router", + "version": { + "version_data": [ + { + "version_value": "Apache Qpid Dispatch Router 0.7.0 and 0.8.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.apache.org/jira/browse/DISPATCH-924", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/DISPATCH-924" - }, - { - "name" : "103067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103067" + }, + { + "name": "https://issues.apache.org/jira/browse/DISPATCH-924", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/DISPATCH-924" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15867.json b/2017/15xxx/CVE-2017-15867.json index 30870c6d7ac..24a5a394b08 100644 --- a/2017/15xxx/CVE-2017-15867.json +++ b/2017/15xxx/CVE-2017-15867.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wpvulndb.com/vulnerabilities/8939", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8939" - }, - { - "name" : "https://github.com/faiyazalam/WordPress-plugin-user-login-history/commit/519341a7dece59e2c589b908a636e6cf12a61741", - "refsource" : "CONFIRM", - "url" : "https://github.com/faiyazalam/WordPress-plugin-user-login-history/commit/519341a7dece59e2c589b908a636e6cf12a61741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/faiyazalam/WordPress-plugin-user-login-history/commit/519341a7dece59e2c589b908a636e6cf12a61741", + "refsource": "CONFIRM", + "url": "https://github.com/faiyazalam/WordPress-plugin-user-login-history/commit/519341a7dece59e2c589b908a636e6cf12a61741" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8939", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8939" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15997.json b/2017/15xxx/CVE-2017-15997.json index b191032fa90..bccceabaf43 100644 --- a/2017/15xxx/CVE-2017-15997.json +++ b/2017/15xxx/CVE-2017-15997.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the \"NQ Contacts Backup & Restore\" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html", - "refsource" : "MISC", - "url" : "https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the \"NQ Contacts Backup & Restore\" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html", + "refsource": "MISC", + "url": "https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17517.json b/2017/17xxx/CVE-2017-17517.json index 0ac9bf51fd7..6f119c7d667 100644 --- a/2017/17xxx/CVE-2017-17517.json +++ b/2017/17xxx/CVE-2017-17517.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2017-17517", - "refsource" : "MISC", - "url" : "https://security-tracker.debian.org/tracker/CVE-2017-17517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-tracker.debian.org/tracker/CVE-2017-17517", + "refsource": "MISC", + "url": "https://security-tracker.debian.org/tracker/CVE-2017-17517" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9473.json b/2017/9xxx/CVE-2017-9473.json index 0021ded151a..8126c214776 100644 --- a/2017/9xxx/CVE-2017-9473.json +++ b/2017/9xxx/CVE-2017-9473.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/" - }, - { - "name" : "USN-3667-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3667-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3667-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3667-1/" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9642.json b/2017/9xxx/CVE-2017-9642.json index 95904bc8eb6..df79af1fecf 100644 --- a/2017/9xxx/CVE-2017-9642.json +++ b/2017/9xxx/CVE-2017-9642.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9642", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9642", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9663.json b/2017/9xxx/CVE-2017-9663.json index 72fd6df1a4f..abc9a701980 100644 --- a/2017/9xxx/CVE-2017-9663.json +++ b/2017/9xxx/CVE-2017-9663.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-9663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "General Motors and Shanghai OnStar (SOS) iOS Client", - "version" : { - "version_data" : [ - { - "version_value" : "General Motors and Shanghai OnStar (SOS) iOS Client" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-312" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-9663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "General Motors and Shanghai OnStar (SOS) iOS Client", + "version": { + "version_data": [ + { + "version_value": "General Motors and Shanghai OnStar (SOS) iOS Client" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04" - }, - { - "name" : "102481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04" + }, + { + "name": "102481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102481" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9748.json b/2017/9xxx/CVE-2017-9748.json index ca1ad9c44e8..f14eb8aa665 100644 --- a/2017/9xxx/CVE-2017-9748.json +++ b/2017/9xxx/CVE-2017-9748.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42202", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42202/" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21582" - }, - { - "name" : "99110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42202", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42202/" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21582" + }, + { + "name": "99110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99110" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9781.json b/2017/9xxx/CVE-2017-9781.json index 4c853da963b..ce2eabd665a 100644 --- a/2017/9xxx/CVE-2017-9781.json +++ b/2017/9xxx/CVE-2017-9781.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2017-21", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-21" - }, - { - "name" : "http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob;f=.werks/4757;hb=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1", - "refsource" : "CONFIRM", - "url" : "http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob;f=.werks/4757;hb=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob;f=.werks/4757;hb=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1", + "refsource": "CONFIRM", + "url": "http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob;f=.werks/4757;hb=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-21", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-21" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0141.json b/2018/0xxx/CVE-2018-0141.json index e3390b662f7..dbfc555737b 100644 --- a/2018/0xxx/CVE-2018-0141.json +++ b/2018/0xxx/CVE-2018-0141.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Provisioning" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-798" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Provisioning" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp" - }, - { - "name" : "103329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103329" - }, - { - "name" : "1040462", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040462", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040462" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp" + }, + { + "name": "103329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103329" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0555.json b/2018/0xxx/CVE-2018-0555.json index b608eb18807..bf191e61492 100644 --- a/2018/0xxx/CVE-2018-0555.json +++ b/2018/0xxx/CVE-2018-0555.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WZR-1750DHP2", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.2.30 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "BUFFALO INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WZR-1750DHP2", + "version": { + "version_data": [ + { + "version_value": "Ver.2.30 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "BUFFALO INC." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://buffalo.jp/support_s/s20180328.html", - "refsource" : "CONFIRM", - "url" : "http://buffalo.jp/support_s/s20180328.html" - }, - { - "name" : "JVN#93397125", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN93397125/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#93397125", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN93397125/index.html" + }, + { + "name": "http://buffalo.jp/support_s/s20180328.html", + "refsource": "CONFIRM", + "url": "http://buffalo.jp/support_s/s20180328.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0582.json b/2018/0xxx/CVE-2018-0582.json index a2af0a77969..5f34a2982a4 100644 --- a/2018/0xxx/CVE-2018-0582.json +++ b/2018/0xxx/CVE-2018-0582.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RT-AC68U", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version prior to 3.0.0.4.380.1031" - } - ] - } - } - ] - }, - "vendor_name" : "ASUS Japan Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RT-AC68U", + "version": { + "version_data": [ + { + "version_value": "Firmware version prior to 3.0.0.4.380.1031" + } + ] + } + } + ] + }, + "vendor_name": "ASUS Japan Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/", - "refsource" : "MISC", - "url" : "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/" - }, - { - "name" : "JVN#73742314", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN73742314/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#73742314", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN73742314/index.html" + }, + { + "name": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/", + "refsource": "MISC", + "url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0692.json b/2018/0xxx/CVE-2018-0692.json index 5ce058b63b5..8c438133d7c 100755 --- a/2018/0xxx/CVE-2018-0692.json +++ b/2018/0xxx/CVE-2018-0692.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Baidu Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Version 43.23.1000.500 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Baidu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Baidu Browser", + "version": { + "version_data": [ + { + "version_value": "Version 43.23.1000.500 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Baidu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#77885134", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN77885134/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#77885134", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN77885134/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0761.json b/2018/0xxx/CVE-2018-0761.json index 2329b7393b0..b6f1e8b47dd 100644 --- a/2018/0xxx/CVE-2018-0761.json +++ b/2018/0xxx/CVE-2018-0761.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2018-0761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows Embedded OpenType (EOT) font engine", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1 and Windows Server 2008 R2" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka \"Windows EOT Font Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0855." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Important" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2018-0761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows Embedded OpenType (EOT) font engine", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1 and Windows Server 2008 R2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0761", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0761" - }, - { - "name" : "102952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102952" - }, - { - "name" : "1040374", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka \"Windows EOT Font Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0855." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Important" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102952" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0761", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0761" + }, + { + "name": "1040374", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040374" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000425.json b/2018/1000xxx/CVE-2018-1000425.json index 1e321ded879..b22ec5e0073 100644 --- a/2018/1000xxx/CVE-2018-1000425.json +++ b/2018/1000xxx/CVE-2018-1000425.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-28T04:34:37.686252", - "ID" : "CVE-2018-1000425", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins SonarQube Scanner Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.8 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-522" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-28T04:34:37.686252", + "ID": "CVE-2018-1000425", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1163", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1163" - }, - { - "name" : "106532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106532" + }, + { + "name": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1163", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1163" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000507.json b/2018/1000xxx/CVE-2018-1000507.json index 1dbb7cc80b8..156bc7bcc16 100644 --- a/2018/1000xxx/CVE-2018-1000507.json +++ b/2018/1000xxx/CVE-2018-1000507.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.007601", - "DATE_REQUESTED" : "2018-06-07T20:54:31", - "ID" : "CVE-2018-1000507", - "REQUESTER" : "tom@dxw.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WP User Groups", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "WP User Groups" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross ite Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.007601", + "DATE_REQUESTED": "2018-06-07T20:54:31", + "ID": "CVE-2018-1000507", + "REQUESTER": "tom@dxw.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://advisories.dxw.com/advisories/csrf-wp-user-groups/", - "refsource" : "MISC", - "url" : "https://advisories.dxw.com/advisories/csrf-wp-user-groups/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://advisories.dxw.com/advisories/csrf-wp-user-groups/", + "refsource": "MISC", + "url": "https://advisories.dxw.com/advisories/csrf-wp-user-groups/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16132.json b/2018/16xxx/CVE-2018-16132.json index 8eaf05721b0..edc5037ec49 100644 --- a/2018/16xxx/CVE-2018-16132.json +++ b/2018/16xxx/CVE-2018-16132.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/bugtraq/2018/Aug/57", - "refsource" : "MISC", - "url" : "http://seclists.org/bugtraq/2018/Aug/57" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/bugtraq/2018/Aug/57", + "refsource": "MISC", + "url": "http://seclists.org/bugtraq/2018/Aug/57" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16564.json b/2018/16xxx/CVE-2018-16564.json index e711644c5ca..24843221775 100644 --- a/2018/16xxx/CVE-2018-16564.json +++ b/2018/16xxx/CVE-2018-16564.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16564", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16564", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16867.json b/2018/16xxx/CVE-2018-16867.json index 44764620bb9..5138ada40ab 100644 --- a/2018/16xxx/CVE-2018-16867.json +++ b/2018/16xxx/CVE-2018-16867.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-16867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QEMU:", - "version" : { - "version_data" : [ - { - "version_value" : "3.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-362" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QEMU:", + "version": { + "version_data": [ + { + "version_value": "3.1.0" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20181206 CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)", - "refsource" : "MLIST", - "url" : "https://www.openwall.com/lists/oss-security/2018/12/06/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867" - }, - { - "name" : "106195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867" + }, + { + "name": "106195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106195" + }, + { + "name": "[oss-security] 20181206 CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)", + "refsource": "MLIST", + "url": "https://www.openwall.com/lists/oss-security/2018/12/06/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19257.json b/2018/19xxx/CVE-2018-19257.json index 13568598b9e..cceabc3c325 100644 --- a/2018/19xxx/CVE-2018-19257.json +++ b/2018/19xxx/CVE-2018-19257.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19257", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19257", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19259.json b/2018/19xxx/CVE-2018-19259.json index 39060335a4e..a33474cfbe2 100644 --- a/2018/19xxx/CVE-2018-19259.json +++ b/2018/19xxx/CVE-2018-19259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19259", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19259", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19635.json b/2018/19xxx/CVE-2018-19635.json index 04e9ebdf3e5..52659a5f895 100644 --- a/2018/19xxx/CVE-2018-19635.json +++ b/2018/19xxx/CVE-2018-19635.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vuln@ca.com", - "DATE_PUBLIC" : "2019-01-17T05:00:00.000Z", - "ID" : "CVE-2018-19635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CA Service Desk Manager", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "14.1" - }, - { - "affected" : "=", - "version_value" : "17" - } - ] - } - } - ] - }, - "vendor_name" : "CA Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-269" - } + "CVE_data_meta": { + "ASSIGNER": "vuln@ca.com", + "DATE_PUBLIC": "2019-01-17T05:00:00.000Z", + "ID": "CVE-2018-19635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CA Service Desk Manager", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "14.1" + }, + { + "affected": "=", + "version_value": "17" + } + ] + } + } + ] + }, + "vendor_name": "CA Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html" - }, - { - "name" : "106689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106689" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106689" + }, + { + "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html", + "refsource": "CONFIRM", + "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19745.json b/2018/19xxx/CVE-2018-19745.json index c5740f539c6..b7775d3ed13 100644 --- a/2018/19xxx/CVE-2018-19745.json +++ b/2018/19xxx/CVE-2018-19745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19745", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19745", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4031.json b/2018/4xxx/CVE-2018-4031.json index 961fcb7c2f9..8a39a6bf78f 100644 --- a/2018/4xxx/CVE-2018-4031.json +++ b/2018/4xxx/CVE-2018-4031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4031", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4031", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4177.json b/2018/4xxx/CVE-2018-4177.json index 5a0b685d3b9..73f990ca1f5 100644 --- a/2018/4xxx/CVE-2018-4177.json +++ b/2018/4xxx/CVE-2018-4177.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4177", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4177", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4821.json b/2018/4xxx/CVE-2018-4821.json index 467866d32bf..dcb2eff5bc9 100644 --- a/2018/4xxx/CVE-2018-4821.json +++ b/2018/4xxx/CVE-2018-4821.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4821", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4821", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file