diff --git a/2008/0xxx/CVE-2008-0047.json b/2008/0xxx/CVE-2008-0047.json index adbdc3bd1bf..eeb9d98869b 100644 --- a/2008/0xxx/CVE-2008-0047.json +++ b/2008/0xxx/CVE-2008-0047.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080318 Multiple Vendor CUPS CGI Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "DSA-1530", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1530" - }, - { - "name" : "FEDORA-2008-2131", - 
"refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html" - }, - { - "name" : "FEDORA-2008-2897", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html" - }, - { - "name" : "GLSA-200804-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-01.xml" - }, - { - "name" : "MDVSA-2008:081", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:081" - }, - { - "name" : "RHSA-2008:0192", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0192.html" - }, - { - "name" : "SUSE-SA:2008:015", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html" - }, - { - "name" : "USN-598-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-598-1" - }, - { - "name" : "TA08-079A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" - }, - { - "name" : "28307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28307" - }, - { - "name" : "oval:org.mitre.oval:def:10085", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10085" - }, - { - "name" : "ADV-2008-0921", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0921/references" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1019646", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019646" - }, - { - "name" : "29431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29431" - }, - { - "name" : "29448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29448" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/29420" - }, - { - "name" : "29485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29485" - }, - { - "name" : "29634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29634" - }, - { - "name" : "29573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29573" - }, - { - "name" : "29603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29603" - }, - { - "name" : "29655", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29655" - }, - { - "name" : "29750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29485" + }, + { + "name": "SUSE-SA:2008:015", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html" + }, + { + "name": "29573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29573" + }, + { + "name": "ADV-2008-0921", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0921/references" + }, + { + "name": "TA08-079A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" + }, + { + "name": "1019646", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019646" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "FEDORA-2008-2131", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html" + }, + { + "name": "USN-598-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-598-1" + }, + { + "name": "MDVSA-2008:081", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:081" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "28307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28307" + }, + { + "name": "oval:org.mitre.oval:def:10085", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10085" + }, + { + "name": "29750", + "refsource": "SECUNIA", 
+ "url": "http://secunia.com/advisories/29750" + }, + { + "name": "29448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29448" + }, + { + "name": "FEDORA-2008-2897", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html" + }, + { + "name": "29634", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29634" + }, + { + "name": "29655", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29655" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "29431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29431" + }, + { + "name": "20080318 Multiple Vendor CUPS CGI Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674" + }, + { + "name": "DSA-1530", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1530" + }, + { + "name": "RHSA-2008:0192", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0192.html" + }, + { + "name": "GLSA-200804-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-01.xml" + }, + { + "name": "29603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29603" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0243.json b/2008/0xxx/CVE-2008-0243.json index 05601a9e6d3..ce3e6ab1135 100644 --- a/2008/0xxx/CVE-2008-0243.json +++ b/2008/0xxx/CVE-2008-0243.json 
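Review bot: The rewritten file ends without a trailing newline (`\ No newline at end of file` follows the final `+}`), while the old side had one; the serializer should emit a final newline so the next edit does not show a spurious change on the last line. The `reference_data` array is also written in a different order with no visible sort key, which makes it hard to confirm by eye that no reference was dropped or altered. The hunk's line counts match (187/187), but a stable order, for example by `refsource` then `name`, would keep bulk-reformat diffs reviewable. Both points apply equally to the hunks for CVE-2008-0243, CVE-2008-0764, CVE-2008-0854, CVE-2008-0892, CVE-2008-1611 and CVE-2008-3088; CVE-2008-1260 keeps its reference order but also loses the trailing newline.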
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27011539", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27011539" - }, - { - "name" : "27215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27215" - }, - { - "name" : "ADV-2008-0086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0086" - }, - { - "name" : "28411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28411" - }, - { - "name" : "lotus-domino-unspecified-dos(39588)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0086" + }, + { + "name": "27215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27215" + }, + { + "name": "28411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28411" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011539", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011539" + }, + { + "name": "lotus-domino-unspecified-dos(39588)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39588" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0764.json b/2008/0xxx/CVE-2008-0764.json index 701eba68d11..d58ee7e5d75 100644 --- a/2008/0xxx/CVE-2008-0764.json +++ b/2008/0xxx/CVE-2008-0764.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080211 Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487956/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/lstnpsx-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/lstnpsx-adv.txt" - }, - { - "name" : "27732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27732" - }, - { - "name" : "ADV-2008-0500", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0500" - }, - { - "name" : "28890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28890" 
- }, - { - "name" : "networkprintserver-logging-format-string(40420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080211 Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487956/100/0/threaded" + }, + { + "name": "28890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28890" + }, + { + "name": "27732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27732" + }, + { + "name": "networkprintserver-logging-format-string(40420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40420" + }, + { + "name": "http://aluigi.altervista.org/adv/lstnpsx-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/lstnpsx-adv.txt" + }, + { + "name": "ADV-2008-0500", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0500" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0854.json b/2008/0xxx/CVE-2008-0854.json index 921c8bb0991..24dd3e4eadd 100644 --- a/2008/0xxx/CVE-2008-0854.json +++ b/2008/0xxx/CVE-2008-0854.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080215 joomla SQL Injection(com_salesrep)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488267/100/0/threaded" - }, - { - "name" : "27827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27827" - }, - { - "name" : "3678", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3678" - }, - { - "name" : "salesrep-index-sql-injection(40619)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the com_salesrep 
component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "salesrep-index-sql-injection(40619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40619" + }, + { + "name": "27827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27827" + }, + { + "name": "20080215 joomla SQL Injection(com_salesrep)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488267/100/0/threaded" + }, + { + "name": "3678", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3678" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0892.json b/2008/0xxx/CVE-2008-0892.json index d655f89550b..2d52bb8a0c1 100644 --- a/2008/0xxx/CVE-2008-0892.json +++ b/2008/0xxx/CVE-2008-0892.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=437301", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=437301" - }, - { - "name" : "FEDORA-2008-3214", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html" - }, - { - "name" : "FEDORA-2008-3220", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html" - }, - { - "name" : "HPSBUX02324", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676" - }, - { - "name" : "SSRT080034", - "refsource" : "HP", - "url" : 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676" - }, - { - "name" : "RHSA-2008:0201", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0201.html" - }, - { - "name" : "RHSA-2008:0199", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0199.html" - }, - { - "name" : "28802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28802" - }, - { - "name" : "ADV-2008-1449", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1449/references" - }, - { - "name" : "1019856", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019856" - }, - { - "name" : "29761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29761" - }, - { - "name" : "29826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29826" - }, - { - "name" : "30114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30114" - }, - { - "name" : "rhds-replmonitor-command-execution(41840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rhds-replmonitor-command-execution(41840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41840" + }, + { + "name": "FEDORA-2008-3220", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html" + }, + { + "name": "HPSBUX02324", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676" + }, + { + "name": "30114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30114" + }, + { + "name": "1019856", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019856" + }, + { + "name": "28802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28802" + }, + { + "name": "SSRT080034", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676" + }, + { + "name": "RHSA-2008:0201", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html" + }, + { + "name": "FEDORA-2008-3214", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html" + }, + { + "name": "ADV-2008-1449", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1449/references" + }, + { + "name": "RHSA-2008:0199", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0199.html" + }, + { + "name": "29761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29761" + }, + { + "name": "29826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29826" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=437301", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437301" 
+ } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1260.json b/2008/1xxx/CVE-2008-1260.json index 7df0af00725..9c69fdabbb5 100644 --- a/2008/1xxx/CVE-2008-1260.json +++ b/2008/1xxx/CVE-2008-1260.json 
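Review bot: `"ASSIGNER"` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it appears to be the only value change among lines that otherwise only respace keys and reorder references. The assigner is the record's provenance field, so a reassignment belongs in its own commit, or at least in the commit message, rather than inside a bulk reformat where it is easy to miss. Downstream consumers that key on `ASSIGNER` would see this record move between CNAs with no explanation in the history.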
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "zyxel-p2602hw-multiple-csrf(41170)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "zyxel-p2602hw-multiple-csrf(41170)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41170" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1611.json b/2008/1xxx/CVE-2008-1611.json index 4216a62ff24..7ef000a956c 100644 --- a/2008/1xxx/CVE-2008-1611.json +++ b/2008/1xxx/CVE-2008-1611.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5314", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5314" - }, - { - "name" : "http://www.offensive-security.com/0day/sourceforge-tftpd.py.txt", - "refsource" : "MISC", - "url" : "http://www.offensive-security.com/0day/sourceforge-tftpd.py.txt" - }, - { - "name" : "28462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28462" - }, - { - "name" : "29508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29508" - }, - { - "name" : "tftpserver-filename-bo(41496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29508" + }, + { + "name": "http://www.offensive-security.com/0day/sourceforge-tftpd.py.txt", + "refsource": "MISC", + "url": "http://www.offensive-security.com/0day/sourceforge-tftpd.py.txt" + }, + { + "name": "tftpserver-filename-bo(41496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41496" + }, + { + "name": "28462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28462" + }, + { + "name": "5314", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5314" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3088.json b/2008/3xxx/CVE-2008-3088.json index 7460571964f..a827ff9cff0 100644 --- a/2008/3xxx/CVE-2008-3088.json +++ b/2008/3xxx/CVE-2008-3088.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6007", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6007" - }, - { - "name" : "30095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30095" - }, - { - "name" : "30946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30946" - }, - { - "name" : "kasselercms-index-xss(43604)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 
Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30946" + }, + { + "name": "kasselercms-index-xss(43604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43604" + }, + { + "name": "30095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30095" + }, + { + "name": "6007", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6007" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3623.json b/2008/3xxx/CVE-2008-3623.json index bda474d1b28..7c45f761c57 100644 --- a/2008/3xxx/CVE-2008-3623.json +++ b/2008/3xxx/CVE-2008-3623.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3298", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3298" - }, - { - "name" : "http://support.apple.com/kb/HT3338", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3338" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2008-11-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html" - }, - { - "name" : "APPLE-SA-2008-12-15", - "refsource" : "APPLE", 
- "url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "TA08-350A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" - }, - { - "name" : "32291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32291" - }, - { - "name" : "1021225", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021225" - }, - { - "name" : "32706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32706" - }, - { - "name" : "ADV-2008-3444", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3444" - }, - { - "name" : "33179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33179" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "APPLE-SA-2008-11-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "ADV-2008-3444", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3444" + }, + { + "name": "TA08-350A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" + }, + { + "name": "33179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33179" + }, + { + "name": "1021225", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021225" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "32706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32706" + }, + { + "name": "32291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32291" + }, + { + "name": "http://support.apple.com/kb/HT3338", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3338" + }, + { + "name": "http://support.apple.com/kb/HT3298", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3298" + }, + { + "name": "APPLE-SA-2008-12-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3690.json b/2008/3xxx/CVE-2008-3690.json index a276d51ff7e..667d433bb01 100644 --- a/2008/3xxx/CVE-2008-3690.json 
+++ b/2008/3xxx/CVE-2008-3690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3702.json b/2008/3xxx/CVE-2008-3702.json index 854770dc946..831484404e1 100644 --- a/2008/3xxx/CVE-2008-3702.json +++ b/2008/3xxx/CVE-2008-3702.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to the (1) ReadGIF or (2) ReadGIF2 method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6216", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6216" - }, - { - "name" : "30621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30621" - }, - { - "name" : "4159", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4159" - }, - { - "name" : "jcomsoft-anigif-readgif-readgif2-bo(44412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to the (1) ReadGIF or (2) ReadGIF2 method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6216", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6216" + }, + { + "name": "4159", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4159" + }, + { + "name": "30621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30621" + }, + { + "name": "jcomsoft-anigif-readgif-readgif2-bo(44412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44412" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3706.json b/2008/3xxx/CVE-2008-3706.json index 841d217ac88..bd8a8c2d171 100644 --- a/2008/3xxx/CVE-2008-3706.json +++ b/2008/3xxx/CVE-2008-3706.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6249", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6249" - }, - { - "name" : "30711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30711" - }, - { - "name" : "31515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31515" - }, - { - "name" : "4162", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4162" - }, - { - "name" : "zeejobsite-bannerclick-sql-injection(44500)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 
bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zeejobsite-bannerclick-sql-injection(44500)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44500" + }, + { + "name": "31515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31515" + }, + { + "name": "4162", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4162" + }, + { + "name": "6249", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6249" + }, + { + "name": "30711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30711" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3791.json b/2008/3xxx/CVE-2008-3791.json index d2c57bf3fe8..16db24e224f 100644 --- a/2008/3xxx/CVE-2008-3791.json +++ b/2008/3xxx/CVE-2008-3791.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080825 CVE Request (gpicview)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/25/3" - }, - { - "name" : "[oss-security] 20080826 Re: CVE Request (gpicview)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/26/5" - }, - { - "name" : "[oss-security] 20080826 Re: CVE Request (gpicview)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/26/10" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495968", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495968" - }, - { - "name" : 
"http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845", - "refsource" : "CONFIRM", - "url" : "http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495968", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495968" + }, + { + "name": "[oss-security] 20080826 Re: CVE Request (gpicview)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/26/10" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869" + }, + { + "name": "[oss-security] 20080825 CVE Request (gpicview)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/25/3" + }, + { + "name": "[oss-security] 20080826 Re: CVE Request (gpicview)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/26/5" + }, + { + "name": "http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845", + "refsource": 
"CONFIRM", + "url": "http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4105.json b/2008/4xxx/CVE-2008-4105.json index 174c53b7e30..fc5e607e572 100644 --- a/2008/4xxx/CVE-2008-4105.json +++ b/2008/4xxx/CVE-2008-4105.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080911 CVE request for Joomla multiple vuln.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=122118210029084&w=2" - }, - { - "name" : "[oss-security] 20080911 CVE request: joomla < 1.5.7", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=122115344915232&w=2" - }, - { - "name" : "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=122152798516853&w=2" - }, - { - "name" : "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html", - "refsource" : "CONFIRM", - "url" : 
"http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html" - }, - { - "name" : "1020843", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020843" - }, - { - "name" : "31789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31789" - }, - { - "name" : "4275", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4275" - }, - { - "name" : "joomla-jrequest-command-execution(45069)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=122152798516853&w=2" + }, + { + "name": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html" + }, + { + "name": "31789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31789" + }, + { + "name": "[oss-security] 20080911 CVE request: joomla < 1.5.7", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=122115344915232&w=2" + }, + { + "name": "4275", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4275" + }, + { + "name": "joomla-jrequest-command-execution(45069)", + "refsource": 
"XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069" + }, + { + "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=122118210029084&w=2" + }, + { + "name": "1020843", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020843" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4124.json b/2008/4xxx/CVE-2008-4124.json index d667f387f52..8f6d7777d5e 100644 --- a/2008/4xxx/CVE-2008-4124.json +++ b/2008/4xxx/CVE-2008-4124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4159.json b/2008/4xxx/CVE-2008-4159.json index 64cde3b7747..fc4190acdc7 100644 --- a/2008/4xxx/CVE-2008-4159.json +++ b/2008/4xxx/CVE-2008-4159.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6423", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6423" - }, - { - "name" : "31116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31116" - }, - { - "name" : "4283", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4283" - }, - { - "name" : "zanficmslite-page-sql-injection(45029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL 
commands via the page (pageid) parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zanficmslite-page-sql-injection(45029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45029" + }, + { + "name": "31116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31116" + }, + { + "name": "6423", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6423" + }, + { + "name": "4283", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4283" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4228.json b/2008/4xxx/CVE-2008-4228.json index df78c764b4f..cdac5a132ca 100644 --- a/2008/4xxx/CVE-2008-4228.json +++ b/2008/4xxx/CVE-2008-4228.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3318", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3318" - }, - { - "name" : "APPLE-SA-2008-11-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html" - }, - { - "name" : "32394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32394" - }, - { - "name" : "ADV-2008-3232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3232" - }, - { - "name" : "50025", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50025" - }, - { - "name" : "1021271", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1021271" - }, - { - "name" : "32756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021271", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021271" + }, + { + "name": "APPLE-SA-2008-11-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html" + }, + { + "name": "ADV-2008-3232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3232" + }, + { + "name": "http://support.apple.com/kb/HT3318", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3318" + }, + { + "name": "32394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32394" + }, + { + "name": "50025", + "refsource": "OSVDB", + "url": "http://osvdb.org/50025" + }, + { + "name": "32756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32756" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4618.json b/2008/4xxx/CVE-2008-4618.json index 3e985644143..1138ad82d60 100644 --- a/2008/4xxx/CVE-2008-4618.json +++ b/2008/4xxx/CVE-2008-4618.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081006 CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/06/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=ba0166708ef4da7eeb61dd92bbba4d5a749d6561", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=ba0166708ef4da7eeb61dd92bbba4d5a749d6561" - }, - { - 
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27" - }, - { - "name" : "DSA-1681", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1681" - }, - { - "name" : "RHSA-2009:0009", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0009.html" - }, - { - "name" : "SUSE-SA:2008:053", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html" - }, - { - "name" : "USN-679-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-679-1" - }, - { - "name" : "31848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31848" - }, - { - "name" : "32918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32918" - }, - { - "name" : "32998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32998" - }, - { - "name" : "33586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32998" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=ba0166708ef4da7eeb61dd92bbba4d5a749d6561", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=ba0166708ef4da7eeb61dd92bbba4d5a749d6561" + }, + { + "name": "RHSA-2009:0009", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html" + }, + { + "name": "SUSE-SA:2008:053", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html" + }, + { + "name": "33586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33586" + }, + { + "name": "[oss-security] 20081006 CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/06/1" + }, + { + "name": "32918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32918" + }, + { + "name": "USN-679-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-679-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27" + }, + { + "name": "31848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31848" + }, + { + "name": "DSA-1681", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1681" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4832.json b/2008/4xxx/CVE-2008-4832.json index f46fbb82aa0..370fc3709fb 100644 --- a/2008/4xxx/CVE-2008-4832.json +++ b/2008/4xxx/CVE-2008-4832.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2857", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2857" - }, - { - "name" : "32710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32710" - }, - { - "name" : "rpath-initscripts-rcsysinit-symlink(46700)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/46700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32710" + }, + { + "name": "rpath-initscripts-rcsysinit-symlink(46700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46700" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2857", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2857" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2506.json b/2013/2xxx/CVE-2013-2506.json index 633251335b6..02ebe296497 100644 --- a/2013/2xxx/CVE-2013-2506.json +++ b/2013/2xxx/CVE-2013-2506.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed", - "refsource" : "CONFIRM", - "url" : "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed" - }, - { - "name" : "https://github.com/spree/spree_auth_devise/commit/038d74771d3b5c13d13b738b73dfda1033a99f65", - "refsource" : "CONFIRM", - "url" : "https://github.com/spree/spree_auth_devise/commit/038d74771d3b5c13d13b738b73dfda1033a99f65" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x 
does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed", + "refsource": "CONFIRM", + "url": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed" + }, + { + "name": "https://github.com/spree/spree_auth_devise/commit/038d74771d3b5c13d13b738b73dfda1033a99f65", + "refsource": "CONFIRM", + "url": "https://github.com/spree/spree_auth_devise/commit/038d74771d3b5c13d13b738b73dfda1033a99f65" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2532.json b/2013/2xxx/CVE-2013-2532.json index e6662df1982..f55b60106b3 100644 --- a/2013/2xxx/CVE-2013-2532.json +++ b/2013/2xxx/CVE-2013-2532.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2532", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2532", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3786.json b/2013/3xxx/CVE-2013-3786.json index 37dd30c8eea..8742b87759a 100644 --- a/2013/3xxx/CVE-2013-3786.json +++ b/2013/3xxx/CVE-2013-3786.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "61266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61266" - }, - { - "name" : "95309", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95309" - }, - { - "name" : "oval:org.mitre.oval:def:18562", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18562" - }, - { - "name" : "oracle-cpujuly2013-cve20133786(85696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85696" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95309", + "refsource": "OSVDB", + "url": "http://osvdb.org/95309" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "oracle-cpujuly2013-cve20133786(85696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85696" + }, + { + "name": "oval:org.mitre.oval:def:18562", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18562" + }, + { + "name": "61266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61266" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3904.json b/2013/3xxx/CVE-2013-3904.json index 40652b70122..a7d8adb232a 100644 --- a/2013/3xxx/CVE-2013-3904.json +++ b/2013/3xxx/CVE-2013-3904.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3904", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-3904", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6195.json b/2013/6xxx/CVE-2013-6195.json index a3e92d85563..fb6010a5d0a 100644 --- a/2013/6xxx/CVE-2013-6195.json +++ b/2013/6xxx/CVE-2013-6195.json 
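Review bot: The new side of the CVE-2013-3904 record uses a different key order from the other files in this diff: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`. The neighbouring CVE-2013-2532 hunk keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order is not significant to a JSON parser, but two serialisations in one commit suggest the records pass through more than one writer, which presumably makes byte-level comparison or hashing of records unreliable. Writing every record through one serialiser with a fixed key order (for example sorted keys) would remove the difference.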
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-6195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02895", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - }, - { - "name" : "SSRT101253", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - }, - { - "name" : "SSRT101348", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote 
attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02895", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + }, + { + "name": "SSRT101348", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + }, + { + "name": "SSRT101253", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6661.json b/2013/6xxx/CVE-2013-6661.json index dcb99e26759..5dfbb3d7d5b 100644 --- a/2013/6xxx/CVE-2013-6661.json +++ b/2013/6xxx/CVE-2013-6661.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=294687", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=294687" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=312016", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=312016" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=313005", - "refsource" : "CONFIRM", - "url" : 
"https://code.google.com/p/chromium/issues/detail?id=313005" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=314088", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=314088" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=324812", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=324812" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=326860", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=326860" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=328620", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=328620" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=329651", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=329651" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=330222", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=330222" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=330750", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=330750" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=332957", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=332957" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=333885", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=333885" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=334274", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=334274" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=338464", - "refsource" : "CONFIRM", - "url" : 
"https://code.google.com/p/chromium/issues/detail?id=338464" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=338532", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=338532" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=338561", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=338561" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=339337", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=339337" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=341220", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=341220" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=344876", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=344876" - }, - { - "name" : "DSA-2883", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2883" - }, - { - "name" : "openSUSE-SU-2014:0327", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=330222", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=330222" + }, + { + "name": "DSA-2883", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2883" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=339337", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=339337" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=314088", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=314088" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=344876", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=344876" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=341220", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=341220" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=313005", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=313005" + }, + { + "name": "openSUSE-SU-2014:0327", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=330750", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=330750" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=324812", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=324812" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=294687", + "refsource": "CONFIRM", + "url": 
"https://code.google.com/p/chromium/issues/detail?id=294687" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=333885", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=333885" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=338561", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=338561" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=328620", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=328620" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=332957", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=332957" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=338532", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=338532" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=326860", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=326860" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=334274", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=334274" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=312016", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=312016" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=329651", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=329651" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=338464", + "refsource": "CONFIRM", + "url": 
"https://code.google.com/p/chromium/issues/detail?id=338464" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6706.json b/2013/6xxx/CVE-2013-6706.json index 2c2049fd70f..6d8836b2fa6 100644 --- a/2013/6xxx/CVE-2013-6706.json +++ b/2013/6xxx/CVE-2013-6706.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31950", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31950" - }, - { - "name" : "20131127 Cisco IOS XE Software IP Header Sanity Check Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6706" - }, - { - "name" : "63979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63979" - }, - { - "name" : "100394", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100394" - }, - { - "name" : "1029407", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1029407" - }, - { - "name" : "55817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63979" + }, + { + "name": "100394", + "refsource": "OSVDB", + "url": "http://osvdb.org/100394" + }, + { + "name": "20131127 Cisco IOS XE Software IP Header Sanity Check Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6706" + }, + { + "name": "1029407", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029407" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31950", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31950" + }, + { + "name": "55817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55817" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6828.json b/2013/6xxx/CVE-2013-6828.json index d20293cb6fa..91c9c7c5bc5 100644 --- a/2013/6xxx/CVE-2013-6828.json +++ b/2013/6xxx/CVE-2013-6828.json 
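Review bot: The `ASSIGNER` value for CVE-2013-6706 changes from `cve@mitre.org` to `psirt@cisco.com` inside a hunk that also rewrites all 87 lines for key spacing and reorders `reference_data`, so the one provenance change is easy to miss. The CVE-2013-7437 section further down does the same with `secalert@redhat.com`. Landing the assigner updates separately from the whitespace and ordering pass, or listing the affected IDs in the commit description, would let anyone auditing changes to the feed confirm that `"ASSIGNER": "psirt@cisco.com",` is, as it appears to be, the only semantic difference in this record. The new side of each file also ends with `\ No newline at end of file` where the old side had a trailing newline, which is worth restoring for files kept in version control.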
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131119 pineapp mailsecure pwnage", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0133.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131119 pineapp mailsecure pwnage", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0133.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7019.json b/2013/7xxx/CVE-2013-7019.json index 5b966ec3849..350a4e321aa 100644 --- a/2013/7xxx/CVE-2013-7019.json +++ b/2013/7xxx/CVE-2013-7019.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/11/26/7" - }, - { - "name" : "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/12/08/3" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d" - }, - { - "name" : "https://trac.ffmpeg.org/ticket/2898", - "refsource" : "CONFIRM", - "url" : "https://trac.ffmpeg.org/ticket/2898" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://trac.ffmpeg.org/ticket/2898", + "refsource": "CONFIRM", + "url": "https://trac.ffmpeg.org/ticket/2898" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/12/08/3" + }, + { + "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/11/26/7" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/7xxx/CVE-2013-7033.json b/2013/7xxx/CVE-2013-7033.json index 1e570f499fc..87f19615929 100644 --- a/2013/7xxx/CVE-2013-7033.json +++ b/2013/7xxx/CVE-2013-7033.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html" - }, - { - "name" : "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/", - "refsource" : "CONFIRM", - "url" : "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/", + "refsource": "CONFIRM", + "url": "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/" + }, + { + "name": "http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7333.json b/2013/7xxx/CVE-2013-7333.json index 0229faf01fb..62a5b6c6fca 100644 --- a/2013/7xxx/CVE-2013-7333.json +++ b/2013/7xxx/CVE-2013-7333.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7333", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7333", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7437.json b/2013/7xxx/CVE-2013-7437.json index 59155f899d2..50561c2894c 100644 --- a/2013/7xxx/CVE-2013-7437.json +++ b/2013/7xxx/CVE-2013-7437.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-7437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150206 potrace: possible heap overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/06/12" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778646", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778646" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=955808", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=955808" - }, - { - "name" : "openSUSE-SU-2015:1909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00034.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00034.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=955808", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=955808" + }, + { + "name": "[oss-security] 20150206 potrace: possible heap overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/06/12" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778646", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778646" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10334.json b/2017/10xxx/CVE-2017-10334.json index d85c7806eab..0905d2dbc72 100644 --- a/2017/10xxx/CVE-2017-10334.json +++ b/2017/10xxx/CVE-2017-10334.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "1039608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039608" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10867.json b/2017/10xxx/CVE-2017-10867.json index 35b4d8750cf..6e5ce78822b 100644 --- a/2017/10xxx/CVE-2017-10867.json +++ b/2017/10xxx/CVE-2017-10867.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10867", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10867", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10942.json b/2017/10xxx/CVE-2017-10942.json index 9f0317534e5..133f3c92113 100644 --- a/2017/10xxx/CVE-2017-10942.json +++ b/2017/10xxx/CVE-2017-10942.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-10942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.0.14878" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-10942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.0.14878" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-455", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-455" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-455", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-455" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10957.json b/2017/10xxx/CVE-2017-10957.json index 63dd450126c..47c3e453890 100644 --- a/2017/10xxx/CVE-2017-10957.json +++ b/2017/10xxx/CVE-2017-10957.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-10957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-10957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-859", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-859" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-859", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-859" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10999.json b/2017/10xxx/CVE-2017-10999.json index 90c22855242..6b1d3b1e521 100644 --- a/2017/10xxx/CVE-2017-10999.json +++ b/2017/10xxx/CVE-2017-10999.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-10999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-10999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100658" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14102.json b/2017/14xxx/CVE-2017-14102.json index 84550c0d25a..3bfe4cd4aa6 100644 --- a/2017/14xxx/CVE-2017-14102.json +++ b/2017/14xxx/CVE-2017-14102.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by the init-script.in and mimedefang-init.in scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html", - "refsource" : "MISC", - "url" : "http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html" - }, - { - "name" : "http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html", - "refsource" : "MISC", - "url" : "http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by the init-script.in and mimedefang-init.in scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html", + "refsource": "MISC", + "url": "http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html" + }, + { + "name": "http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html", + "refsource": "MISC", + "url": "http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14311.json b/2017/14xxx/CVE-2017-14311.json index 8d2c6268a97..bcca37e973b 100644 --- a/2017/14xxx/CVE-2017-14311.json +++ b/2017/14xxx/CVE-2017-14311.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42735", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42735/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42735", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42735/" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/17xxx/CVE-2017-17126.json b/2017/17xxx/CVE-2017-17126.json index 7e9b9d7959a..b6f71ef4d5a 100644 --- a/2017/17xxx/CVE-2017-17126.json +++ b/2017/17xxx/CVE-2017-17126.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22510" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" - }, - { - "name" : "GLSA-201811-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-17" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22510" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17351.json b/2017/17xxx/CVE-2017-17351.json index b9a1535ce09..66170ed56b0 100644 --- a/2017/17xxx/CVE-2017-17351.json +++ b/2017/17xxx/CVE-2017-17351.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17399.json b/2017/17xxx/CVE-2017-17399.json index 62c4d79f6ff..c80fa29dcd4 100644 --- a/2017/17xxx/CVE-2017-17399.json +++ b/2017/17xxx/CVE-2017-17399.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17770.json b/2017/17xxx/CVE-2017-17770.json index 517e23bc636..02c9ea5fc10 100644 --- a/2017/17xxx/CVE-2017-17770.json +++ b/2017/17xxx/CVE-2017-17770.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-17770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted Pointer Dereference in Power" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-17770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Pointer Dereference in Power" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9273.json b/2017/9xxx/CVE-2017-9273.json index e2a2ee694e5..0dc20ca04ce 100644 --- a/2017/9xxx/CVE-2017-9273.json +++ b/2017/9xxx/CVE-2017-9273.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2017-09-26T00:00:00", - "ID" : "CVE-2017-9273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IDM 4.5 bidirectional eDir Driver Version", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.0.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "*** n/a ***" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access." - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-09-26T00:00:00", + "ID": "CVE-2017-9273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IDM 4.5 bidirectional eDir Driver Version", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.0.3.0" + } + ] + } + } + ] + }, + "vendor_name": "*** n/a ***" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8", - "refsource" : "MISC", - "url" : "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8", + "refsource": "MISC", + "url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9375.json b/2017/9xxx/CVE-2017-9375.json index 234f18579b1..0b5d44531da 100644 --- a/2017/9xxx/CVE-2017-9375.json +++ b/2017/9xxx/CVE-2017-9375.json 
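Review bot: The CVE-2017-9273.json hunk is not whitespace-only like the other hunks visible here: `CVE_data_meta.ASSIGNER` changes from `security@microfocus.com` to `security@suse.com`. The only reference still points at download.microfocus.com, and `vendor_name` stays `*** n/a ***`. Any consumer that attributes records to a CNA by ASSIGNER will see this record change owner, so the reassignment should be confirmed as intended. If it is, it belongs in the commit description or in its own commit, not inside a bulk key-spacing reformat. Replacing the placeholder in the same edit, `"vendor_name": "<vendor name>"`, would leave the record self-consistent.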
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170605 CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/06/05/2" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1458744", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1458744" - }, - { - "name" : "DSA-3991", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2017/dsa-3991" - }, - { - "name" : "RHSA-2017:2392", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2392" - }, - { - "name" : "RHSA-2017:2408", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2408" - }, - { - "name" : "98915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c" + }, + { + "name": "98915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98915" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1458744", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458744" + }, + { + "name": "DSA-3991", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3991" + }, + { + "name": "RHSA-2017:2392", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2392" + }, + { + "name": "[oss-security] 20170605 CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/06/05/2" + }, + { + "name": "RHSA-2017:2408", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2017:2408" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9393.json b/2017/9xxx/CVE-2017-9393.json index 9381ad83e6e..d0728e178e3 100644 --- a/2017/9xxx/CVE-2017-9393.json +++ b/2017/9xxx/CVE-2017-9393.json 
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vuln@ca.com", - "DATE_PUBLIC" : "2017-09-21T00:00:00", - "ID" : "CVE-2017-9393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Identity Manager", - "version" : { - "version_data" : [ - { - "version_value" : "12.6 through 12.6 SP8" - }, - { - "version_value" : "14.0" - }, - { - "version_value" : "14.1" - } - ] - } - } - ] - }, - "vendor_name" : "CA Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "vuln@ca.com", + "DATE_PUBLIC": "2017-09-21T00:00:00", + "ID": "CVE-2017-9393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_value": "12.6 through 12.6 SP8" + }, + { + "version_value": "14.0" + }, + { + "version_value": "14.1" + } + ] + } + } + ] + }, + "vendor_name": "CA Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html" - }, - { - "name" : "100956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100956" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100956" + }, + { + "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html", + "refsource": "CONFIRM", + "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9481.json b/2017/9xxx/CVE-2017-9481.json index 96f70b9aef0..bc531dab82b 100644 --- a/2017/9xxx/CVE-2017-9481.json +++ b/2017/9xxx/CVE-2017-9481.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 169.254/16 IP network by adding a routing-table entry that specifies the LAN IP address as the router for that network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-24.atom-ip-routing.txt", - "refsource" : "MISC", - "url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-24.atom-ip-routing.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 
169.254/16 IP network by adding a routing-table entry that specifies the LAN IP address as the router for that network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-24.atom-ip-routing.txt", + "refsource": "MISC", + "url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-24.atom-ip-routing.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9936.json b/2017/9xxx/CVE-2017-9936.json index 8f75fcc861b..dae354efdfb 100644 --- a/2017/9xxx/CVE-2017-9936.json +++ b/2017/9xxx/CVE-2017-9936.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42300", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42300/" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2706", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2706" - }, - { - "name" : "DSA-3903", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3903" - }, - { - "name" : "USN-3602-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3602-1/" - }, - { - "name" : "99300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In LibTIFF 4.0.8, there is a 
memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99300" + }, + { + "name": "USN-3602-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3602-1/" + }, + { + "name": "42300", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42300/" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2706", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2706" + }, + { + "name": "DSA-3903", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3903" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0470.json b/2018/0xxx/CVE-2018-0470.json index 188847d17f7..725cb918742 100644 --- a/2018/0xxx/CVE-2018-0470.json +++ b/2018/0xxx/CVE-2018-0470.json 
@@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-26T16:00:00-0500", - "ID" : "CVE-2018-0470", - "STATE" : "PUBLIC", - "TITLE" : "Cisco IOS XE Software HTTP Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE Software", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "8.6", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-26T16:00:00-0500", + "ID": "CVE-2018-0470", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software HTTP Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180926 Cisco IOS XE Software HTTP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos" - }, - { - "name" : "105397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105397" - }, - { - "name" : "1041737", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041737" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180926-webdos", - "defect" : [ - [ - "CSCvb22618" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. 
A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.6", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180926 Cisco IOS XE Software HTTP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos" + }, + { + "name": "1041737", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041737" + }, + { + "name": "105397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105397" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180926-webdos", + "defect": [ + [ + "CSCvb22618" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0600.json b/2018/0xxx/CVE-2018-0600.json index 928367692a6..8ab9e5d3061 100644 --- a/2018/0xxx/CVE-2018-0600.json +++ b/2018/0xxx/CVE-2018-0600.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "the installer of PlayMemories Home for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "ver.5.5.01 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Sony Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "the installer of PlayMemories Home for Windows", + "version": { + "version_data": [ + { + "version_value": "ver.5.5.01 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Sony Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html", - "refsource" : "MISC", - "url" : "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html" - }, - { - "name" : "JVN#13940333", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN13940333/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted 
search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html", + "refsource": "MISC", + "url": "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html" + }, + { + "name": "JVN#13940333", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN13940333/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19390.json b/2018/19xxx/CVE-2018-19390.json index ba558cbb715..47fb1a7cbbc 100644 --- a/2018/19xxx/CVE-2018-19390.json +++ b/2018/19xxx/CVE-2018-19390.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/20/2018/11/2018-11-20/index.html", - "refsource" : "MISC", - "url" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/20/2018/11/2018-11-20/index.html" - }, - { - "name" : "https://yan-1-20.github.io/2018/11/20/2018/11/2018-11-20/", - "refsource" : "MISC", - "url" : "https://yan-1-20.github.io/2018/11/20/2018/11/2018-11-20/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a 
denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/20/2018/11/2018-11-20/index.html", + "refsource": "MISC", + "url": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/20/2018/11/2018-11-20/index.html" + }, + { + "name": "https://yan-1-20.github.io/2018/11/20/2018/11/2018-11-20/", + "refsource": "MISC", + "url": "https://yan-1-20.github.io/2018/11/20/2018/11/2018-11-20/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19405.json b/2018/19xxx/CVE-2018-19405.json index ec5c42bc8a8..d7ba79c78d6 100644 --- a/2018/19xxx/CVE-2018-19405.json +++ b/2018/19xxx/CVE-2018-19405.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19405", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19405", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19626.json b/2018/19xxx/CVE-2018-19626.json index 5b65b5d5222..06a64187c8a 100644 --- a/2018/19xxx/CVE-2018-19626.json +++ b/2018/19xxx/CVE-2018-19626.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\\0' termination." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c5a65115ebab55cfd5ce0a855c2256e01cab6449", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c5a65115ebab55cfd5ce0a855c2256e01cab6449" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-52.html", - "refsource" : "MISC", - "url" : 
"https://www.wireshark.org/security/wnpa-sec-2018-52.html" - }, - { - "name" : "DSA-4359", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4359" - }, - { - "name" : "106051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\\0' termination." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-52.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-52.html" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130" + }, + { + "name": "106051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106051" + }, + { + "name": "DSA-4359", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4359" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c5a65115ebab55cfd5ce0a855c2256e01cab6449", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c5a65115ebab55cfd5ce0a855c2256e01cab6449" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1224.json b/2018/1xxx/CVE-2018-1224.json index 96e41645e96..8f025fa8d04 100644 
--- a/2018/1xxx/CVE-2018-1224.json +++ b/2018/1xxx/CVE-2018-1224.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1224", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1224", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1255.json b/2018/1xxx/CVE-2018-1255.json index db3311e070e..57cf50e1be8 100644 --- a/2018/1xxx/CVE-2018-1255.json +++ b/2018/1xxx/CVE-2018-1255.json 
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-07-11T04:00:00.000Z", - "ID" : "CVE-2018-1255", - "STATE" : "PUBLIC", - "TITLE" : "Reflected Cross-Site Scripting Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Identity Governance and Lifecycle", - "version" : { - "version_data" : [ - { - "version_value" : "version 7.0.1, all patch levels" - }, - { - "version_value" : "version 7.0.2, all patch levels" - }, - { - "version_value" : "version 7.1.0, all patch levels" - } - ] - } - } - ] - }, - "vendor_name" : "RSA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.1, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-07-11T04:00:00.000Z", + "ID": "CVE-2018-1255", + "STATE": "PUBLIC", + "TITLE": "Reflected Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Identity Governance and Lifecycle", + "version": { + "version_data": [ + { + "version_value": "version 7.0.1, all patch levels" + }, + { + "version_value": "version 7.0.2, all patch levels" + }, + { + "version_value": "version 7.1.0, all patch levels" + } + ] + } + } + ] + }, + "vendor_name": "RSA" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180711 DSA-2018-084: RSA Identity Governance and Lifecycle Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/46" - }, - { - "name" : "1041287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041287" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. 
A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041287" + }, + { + "name": "20180711 DSA-2018-084: RSA Identity Governance and Lifecycle Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/46" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1976.json b/2018/1xxx/CVE-2018-1976.json index 998100eb118..4e2cd5722ca 100644 --- a/2018/1xxx/CVE-2018-1976.json +++ b/2018/1xxx/CVE-2018-1976.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-01-24T00:00:00", - "ID" : "CVE-2018-1976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.8.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "H", - "S" : "U", - "SCORE" : "4.900", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-01-24T00:00:00", + "ID": "CVE-2018-1976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.8.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10843130", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10843130" - }, - { - "name" : "106792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106792" - }, - 
{ - "name" : "ibm-api-cve20181976-info-disc(154031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "H", + "I": "N", + "PR": "H", + "S": "U", + "SCORE": "4.900", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-api-cve20181976-info-disc(154031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154031" + }, + { + "name": "106792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106792" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10843130", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10843130" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4293.json b/2018/4xxx/CVE-2018-4293.json index 077c0281fe7..265863bfef0 100644 --- a/2018/4xxx/CVE-2018-4293.json +++ b/2018/4xxx/CVE-2018-4293.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4563.json b/2018/4xxx/CVE-2018-4563.json index 878adb1acde..a7f4b80aab8 100644 --- a/2018/4xxx/CVE-2018-4563.json +++ b/2018/4xxx/CVE-2018-4563.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4563", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4563", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4583.json b/2018/4xxx/CVE-2018-4583.json index 24dd3556098..6d9548a2ec7 100644 --- a/2018/4xxx/CVE-2018-4583.json +++ b/2018/4xxx/CVE-2018-4583.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4583", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4583", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4706.json b/2018/4xxx/CVE-2018-4706.json index 2a7bbea87f4..77a24a00fed 100644 --- a/2018/4xxx/CVE-2018-4706.json +++ b/2018/4xxx/CVE-2018-4706.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4706", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4706", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4900.json b/2018/4xxx/CVE-2018-4900.json index 2a884fc4eed..ad0bbf37ebe 100644 --- a/2018/4xxx/CVE-2018-4900.json +++ b/2018/4xxx/CVE-2018-4900.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JavaScript manipulation of an Annotation object. A successful attack can lead to sensitive data exposure." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102996" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JavaScript manipulation of an Annotation object. A successful attack can lead to sensitive data exposure." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102996" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file