From 83b2a9b936fa4e27d1ad39b8df5dc282d6bd3b07 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:41:24 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0002.json | 340 ++++++++++++++++----------------- 2008/0xxx/CVE-2008-0087.json | 220 ++++++++++----------- 2008/0xxx/CVE-2008-0730.json | 160 ++++++++-------- 2008/0xxx/CVE-2008-0800.json | 140 +++++++------- 2008/0xxx/CVE-2008-0915.json | 160 ++++++++-------- 2008/1xxx/CVE-2008-1052.json | 170 ++++++++--------- 2008/1xxx/CVE-2008-1118.json | 180 ++++++++--------- 2008/1xxx/CVE-2008-1198.json | 160 ++++++++-------- 2008/1xxx/CVE-2008-1829.json | 210 ++++++++++---------- 2008/1xxx/CVE-2008-1990.json | 180 ++++++++--------- 2008/4xxx/CVE-2008-4129.json | 210 ++++++++++---------- 2008/4xxx/CVE-2008-4981.json | 180 ++++++++--------- 2008/5xxx/CVE-2008-5184.json | 160 ++++++++-------- 2008/5xxx/CVE-2008-5664.json | 190 +++++++++--------- 2013/2xxx/CVE-2013-2020.json | 320 +++++++++++++++---------------- 2013/2xxx/CVE-2013-2040.json | 120 ++++++------ 2013/2xxx/CVE-2013-2231.json | 140 +++++++------- 2013/3xxx/CVE-2013-3266.json | 150 +++++++-------- 2013/3xxx/CVE-2013-3433.json | 150 +++++++-------- 2013/3xxx/CVE-2013-3466.json | 140 +++++++------- 2013/3xxx/CVE-2013-3691.json | 34 ++-- 2013/3xxx/CVE-2013-3767.json | 170 ++++++++--------- 2013/4xxx/CVE-2013-4059.json | 170 ++++++++--------- 2013/4xxx/CVE-2013-4120.json | 34 ++-- 2013/4xxx/CVE-2013-4154.json | 160 ++++++++-------- 2013/4xxx/CVE-2013-4328.json | 34 ++-- 2013/4xxx/CVE-2013-4460.json | 160 ++++++++-------- 2013/4xxx/CVE-2013-4671.json | 160 ++++++++-------- 2013/6xxx/CVE-2013-6113.json | 34 ++-- 2013/6xxx/CVE-2013-6894.json | 34 ++-- 2013/7xxx/CVE-2013-7059.json | 34 ++-- 2013/7xxx/CVE-2013-7345.json | 170 ++++++++--------- 2017/10xxx/CVE-2017-10455.json | 34 ++-- 2017/10xxx/CVE-2017-10703.json | 34 ++-- 2017/13xxx/CVE-2017-13147.json | 120 ++++++------ 2017/13xxx/CVE-2017-13299.json | 158 +++++++-------- 2017/13xxx/CVE-2017-13310.json | 34 ++-- 2017/13xxx/CVE-2017-13564.json | 34 ++-- 2017/13xxx/CVE-2017-13744.json | 140 +++++++------- 2017/13xxx/CVE-2017-13751.json | 130 ++++++------- 2017/17xxx/CVE-2017-17052.json | 150 +++++++-------- 2017/17xxx/CVE-2017-17155.json | 120 ++++++------ 2017/17xxx/CVE-2017-17646.json | 34 ++-- 2017/17xxx/CVE-2017-17782.json | 160 ++++++++-------- 2017/17xxx/CVE-2017-17795.json | 120 ++++++------ 2017/17xxx/CVE-2017-17915.json | 160 ++++++++-------- 2017/9xxx/CVE-2017-9005.json | 34 ++-- 2017/9xxx/CVE-2017-9007.json | 34 ++-- 2017/9xxx/CVE-2017-9624.json | 130 ++++++------- 2018/0xxx/CVE-2018-0115.json | 140 +++++++------- 2018/0xxx/CVE-2018-0647.json | 130 ++++++------- 2018/0xxx/CVE-2018-0988.json | 288 ++++++++++++++-------------- 2018/18xxx/CVE-2018-18232.json | 34 ++-- 2018/18xxx/CVE-2018-18572.json | 34 ++-- 2018/18xxx/CVE-2018-18601.json | 120 ++++++------ 2018/19xxx/CVE-2018-19169.json | 34 ++-- 2018/19xxx/CVE-2018-19222.json | 120 ++++++------ 2018/19xxx/CVE-2018-19233.json | 150 +++++++-------- 2018/19xxx/CVE-2018-19986.json | 34 ++-- 2018/1xxx/CVE-2018-1094.json | 210 ++++++++++---------- 2018/1xxx/CVE-2018-1216.json | 150 +++++++-------- 61 files changed, 3972 insertions(+), 3972 deletions(-) diff --git a/2008/0xxx/CVE-2008-0002.json b/2008/0xxx/CVE-2008-0002.json index 77a16cf133b..b997fc99b3d 100644 --- a/2008/0xxx/CVE-2008-0002.json +++ b/2008/0xxx/CVE-2008-0002.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080208 CVE-2008-0002: Tomcat information disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487812/100/0/threaded" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://support.apple.com/kb/HT3216", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3216" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "APPLE-SA-2008-10-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" - }, - { - "name" : "FEDORA-2008-1467", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html" - }, - { - "name" : "FEDORA-2008-1603", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html" - }, - { - "name" : "GLSA-200804-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-10.xml" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "27703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27703" - }, - { - "name" : "31681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31681" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - }, - { - "name" : "ADV-2008-0488", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0488" - }, - { - "name" : "ADV-2008-2780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2780" - }, - { - "name" : "28834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28834" - }, - { - "name" : "28915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28915" - }, - { - "name" : "29711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29711" - }, - { - "name" : "32222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32222" - }, - { - "name" : "3638", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3638" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3638", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3638" + }, + { + "name": "27703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27703" + }, + { + "name": "28915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28915" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "20080208 CVE-2008-0002: Tomcat information disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487812/100/0/threaded" + }, + { + "name": "31681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31681" + }, + { + "name": "28834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28834" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "ADV-2008-0488", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0488" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "32222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32222" + }, + { + "name": "FEDORA-2008-1467", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html" + }, + { + "name": "GLSA-200804-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml" + }, + { + "name": "FEDORA-2008-1603", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html" + }, + { + "name": "ADV-2008-2780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2780" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + }, + { + "name": "APPLE-SA-2008-10-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3216", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3216" + }, + { + "name": "29711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29711" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0087.json b/2008/0xxx/CVE-2008-0087.json index 2eddd223f65..c082c3289ef 100644 --- a/2008/0xxx/CVE-2008-0087.json +++ b/2008/0xxx/CVE-2008-0087.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-0087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080408 Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490575/100/0/threaded" - }, - { - "name" : "http://www.trusteer.com/docs/windowsresolver.html", - "refsource" : "MISC", - "url" : "http://www.trusteer.com/docs/windowsresolver.html" - }, - { - "name" : "HPSBST02329", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120845064910729&w=2" - }, - { - "name" : "SSRT080048", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120845064910729&w=2" - }, - { - "name" : "MS08-020", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020" - }, - { - "name" : "TA08-099A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-099A.html" - }, - { - "name" : "28553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28553" - }, - { - "name" : "oval:org.mitre.oval:def:5314", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314" - }, - { - "name" : "ADV-2008-1144", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1144/references" - }, - { - "name" : "1019802", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019802" - }, - { - "name" : "29696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA08-099A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html" + }, + { + "name": "SSRT080048", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120845064910729&w=2" + }, + { + "name": "MS08-020", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020" + }, + { + "name": "29696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29696" + }, + { + "name": "HPSBST02329", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120845064910729&w=2" + }, + { + "name": "http://www.trusteer.com/docs/windowsresolver.html", + "refsource": "MISC", + "url": "http://www.trusteer.com/docs/windowsresolver.html" + }, + { + "name": "1019802", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019802" + }, + { + "name": "oval:org.mitre.oval:def:5314", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314" + }, + { + "name": "ADV-2008-1144", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1144/references" + }, + { + "name": "20080408 Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490575/100/0/threaded" + }, + { + "name": "28553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28553" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0730.json b/2008/0xxx/CVE-2008-0730.json index d8bc8082705..05d2f6b0f95 100644 --- a/2008/0xxx/CVE-2008-0730.json +++ b/2008/0xxx/CVE-2008-0730.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "201315", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201315-1" - }, - { - "name" : "27770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27770" - }, - { - "name" : "ADV-2008-0452", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0452" - }, - { - "name" : "oval:org.mitre.oval:def:5545", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5545" - }, - { - "name" : "28931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0452", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0452" + }, + { + "name": "28931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28931" + }, + { + "name": "27770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27770" + }, + { + "name": "oval:org.mitre.oval:def:5545", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5545" + }, + { + "name": "201315", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201315-1" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0800.json b/2008/0xxx/CVE-2008-0800.json index 8c5d8a3319b..4e814f2d8f6 100644 --- a/2008/0xxx/CVE-2008-0800.json +++ b/2008/0xxx/CVE-2008-0800.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5118", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5118" - }, - { - "name" : "27809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27809" - }, - { - "name" : "28940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5118", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5118" + }, + { + "name": "28940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28940" + }, + { + "name": "27809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27809" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0915.json b/2008/0xxx/CVE-2008-0915.json index c72f45514a7..c98f9f5aa96 100644 --- a/2008/0xxx/CVE-2008-0915.json +++ b/2008/0xxx/CVE-2008-0915.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 stores the number of remaining allowed login attempts in a cookie, which makes it easier for remote attackers to conduct brute force attacks by manipulating this cookie's value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080214 DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488133/100/100/threaded" - }, - { - "name" : "20080214 DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060314.html" - }, - { - "name" : "27800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27800" - }, - { - "name" : "28963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28963" - }, - { - "name" : "3692", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 stores the number of remaining allowed login attempts in a cookie, which makes it easier for remote attackers to conduct brute force attacks by manipulating this cookie's value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28963" + }, + { + "name": "20080214 DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488133/100/100/threaded" + }, + { + "name": "27800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27800" + }, + { + "name": "3692", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3692" + }, + { + "name": "20080214 DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060314.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1052.json b/2008/1xxx/CVE-2008-1052.json index 074b1097414..2c057a0b364 100644 --- a/2008/1xxx/CVE-2008-1052.json +++ b/2008/1xxx/CVE-2008-1052.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080225 NULL pointer in SurgeFTP 2.3a2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488745/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt" - }, - { - "name" : "27993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27993" - }, - { - "name" : "29096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29096" - }, - { - "name" : "3704", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3704" - }, - { - "name" : "surgeftp-contentlength-dos(40843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080225 NULL pointer in SurgeFTP 2.3a2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded" + }, + { + "name": "29096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29096" + }, + { + "name": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt" + }, + { + "name": "surgeftp-contentlength-dos(40843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843" + }, + { + "name": "3704", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3704" + }, + { + "name": "27993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27993" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1118.json b/2008/1xxx/CVE-2008-1118.json index 7089fa63a5f..06282a8d258 100644 --- a/2008/1xxx/CVE-2008-1118.json +++ b/2008/1xxx/CVE-2008-1118.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080311 CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489414/100/0/threaded" - }, - { - "name" : "5238", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5238" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=2166", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2166" - }, - { - "name" : "28081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28081" - }, - { - "name" : "29316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29316" - }, - { - "name" : "3742", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3742" - }, - { - "name" : "timbuktu-log-security-bypass(41330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29316" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2166", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2166" + }, + { + "name": "3742", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3742" + }, + { + "name": "28081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28081" + }, + { + "name": "timbuktu-log-security-bypass(41330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41330" + }, + { + "name": "20080311 CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489414/100/0/threaded" + }, + { + "name": "5238", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5238" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1198.json b/2008/1xxx/CVE-2008-1198.json index f1d255e8e40..d28332d6b4c 100644 --- a/2008/1xxx/CVE-2008-1198.json +++ b/2008/1xxx/CVE-2008-1198.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ernw.de/download/pskattack.pdf", - "refsource" : "MISC", - "url" : "http://www.ernw.de/download/pskattack.pdf" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=435274", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=435274" - }, - { - "name" : "1019563", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019563" - }, - { - "name" : "48045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48045" - }, - { - "name" : "ipsec-ifup-weak-security(41053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ernw.de/download/pskattack.pdf", + "refsource": "MISC", + "url": "http://www.ernw.de/download/pskattack.pdf" + }, + { + "name": "ipsec-ifup-weak-security(41053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41053" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=435274", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=435274" + }, + { + "name": "48045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48045" + }, + { + "name": "1019563", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019563" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1829.json b/2008/1xxx/CVE-2008-1829.json index 94ff5ae64f0..80188e49812 100644 --- a/2008/1xxx/CVE-2008-1829.json +++ b/2008/1xxx/CVE-2008-1829.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" - }, - { - "name" : "ADV-2008-1233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1233/references" - }, - { - "name" : "ADV-2008-1267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1267/references" - }, - { - "name" : "1019855", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019855" - }, - { - "name" : "29874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29874" - }, - { - "name" : "29829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29829" - }, - { - "name" : "oracle-cpu-april-2008(41858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" - }, - { - "name" : "oracle-peoplesoft-hcm-unspecified2(42066)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-peoplesoft-hcm-unspecified2(42066)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42066" + }, + { + "name": "oracle-cpu-april-2008(41858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" + }, + { + "name": "ADV-2008-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1267/references" + }, + { + "name": "ADV-2008-1233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1233/references" + }, + { + "name": "1019855", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019855" + }, + { + "name": "29829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29829" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" + }, + { + "name": "29874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29874" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1990.json b/2008/1xxx/CVE-2008-1990.json index 443e23cb8ba..0f90d4de6ee 100644 --- a/2008/1xxx/CVE-2008-1990.json +++ b/2008/1xxx/CVE-2008-1990.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080420 Acidcat CMS Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491129/100/0/threaded" - }, - { - "name" : "5478", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5478" - }, - { - "name" : "http://bugreport.ir/index.php?/36", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/36" - }, - { - "name" : "28868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28868" - }, - { - "name" : "29916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29916" - }, - { - "name" : "3842", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3842" - }, - { - "name" : "acidcat-default-sql-injection(41918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugreport.ir/index.php?/36", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/36" + }, + { + "name": "3842", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3842" + }, + { + "name": "29916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29916" + }, + { + "name": "20080420 Acidcat CMS Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491129/100/0/threaded" + }, + { + "name": "acidcat-default-sql-injection(41918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41918" + }, + { + "name": "28868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28868" + }, + { + "name": "5478", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5478" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4129.json b/2008/4xxx/CVE-2008-4129.json index 68d2e241c2f..b65aab46a5d 100644 --- a/2008/4xxx/CVE-2008-4129.json +++ b/2008/4xxx/CVE-2008-4129.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_1.5.9_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_1.5.9_released" - }, - { - "name" : "http://gallery.menalto.com/gallery_2.2.6_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.2.6_released" - }, - { - "name" : "FEDORA-2008-11230", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html" - }, - { - "name" : "FEDORA-2008-11258", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html" - }, - { - "name" : "GLSA-200811-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-02.xml" - }, - { - "name" : "31231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31231" - }, - { - "name" : "32662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32662" - }, - { - "name" : "33144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33144" - }, - { - "name" : "31912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31912" - }, - { - "name" : "gallery-ziparchives-information-disclosure(45228)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200811-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml" + }, + { + "name": "33144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33144" + }, + { + "name": "gallery-ziparchives-information-disclosure(45228)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228" + }, + { + "name": "31912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31912" + }, + { + "name": "32662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32662" + }, + { + "name": "FEDORA-2008-11258", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html" + }, + { + "name": "31231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31231" + }, + { + "name": "http://gallery.menalto.com/gallery_2.2.6_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.2.6_released" + }, + { + "name": "http://gallery.menalto.com/gallery_1.5.9_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_1.5.9_released" + }, + { + "name": "FEDORA-2008-11230", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4981.json b/2008/4xxx/CVE-2008-4981.json index 15719625f60..07efd3e36ca 100644 --- a/2008/4xxx/CVE-2008-4981.json +++ b/2008/4xxx/CVE-2008-4981.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://bugs.debian.org/496385", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/496385" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/realtimebattle-common", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/realtimebattle-common" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "30967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30967" - }, - { - "name" : "realtimebattlecommon-perlrobot-symlink(44882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "realtimebattlecommon-perlrobot-symlink(44882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44882" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://bugs.debian.org/496385", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/496385" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/realtimebattle-common", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/realtimebattle-common" + }, + { + "name": "30967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30967" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5184.json b/2008/5xxx/CVE-2008-5184.json index 75442fec243..9c98aada040 100644 --- a/2008/5xxx/CVE-2008-5184.json +++ b/2008/5xxx/CVE-2008-5184.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2008-5184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/" - }, - { - "name" : "http://www.cups.org/str.php?L2774", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/str.php?L2774" - }, - { - "name" : "[oss-security] 20081119 CVE request: CUPS DoS via RSS subscriptions", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/19/3" - }, - { - "name" : "MDVSA-2009:028", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028" - }, - { - "name" : "SUSE-SR:2008:026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20081119 CVE request: CUPS DoS via RSS subscriptions", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/19/3" + }, + { + "name": "http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/" + }, + { + "name": "http://www.cups.org/str.php?L2774", + "refsource": "CONFIRM", + "url": "http://www.cups.org/str.php?L2774" + }, + { + "name": "SUSE-SR:2008:026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" + }, + { + "name": "MDVSA-2009:028", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5664.json b/2008/5xxx/CVE-2008-5664.json index 909e456800f..61606b1f053 100644 --- a/2008/5xxx/CVE-2008-5664.json +++ b/2008/5xxx/CVE-2008-5664.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7492", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7492" - }, - { - "name" : "http://www.shinnai.net/xplits/TXT_n7dMz2jBQsDJFtplslYw.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/xplits/TXT_n7dMz2jBQsDJFtplslYw.html" - }, - { - "name" : "32860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32860" - }, - { - "name" : "ADV-2008-3446", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3446" - }, - { - "name" : "50715", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50715" - }, - { - "name" : "33183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33183" - }, - { - "name" : "4783", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4783" - }, - { - "name" : "rtlrack-playlist-bo(47380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rtlrack-playlist-bo(47380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47380" + }, + { + "name": "7492", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7492" + }, + { + "name": "4783", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4783" + }, + { + "name": "50715", + "refsource": "OSVDB", + "url": "http://osvdb.org/50715" + }, + { + "name": "33183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33183" + }, + { + "name": "http://www.shinnai.net/xplits/TXT_n7dMz2jBQsDJFtplslYw.html", + "refsource": "MISC", + "url": "http://www.shinnai.net/xplits/TXT_n7dMz2jBQsDJFtplslYw.html" + }, + { + "name": "ADV-2008-3446", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3446" + }, + { + "name": "32860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32860" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2020.json b/2013/2xxx/CVE-2013-2020.json index dee69de156a..b4fd9416372 100644 --- a/2013/2xxx/CVE-2013-2020.json +++ b/2013/2xxx/CVE-2013-2020.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130424 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/25/2" - }, - { - "name" : "[oss-security] 20130429 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/29/20" - }, - { - "name" : "http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html" - }, - { - "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=7055", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=7055" - }, - { - "name" : "https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375", - "refsource" : "CONFIRM", - "url" : "https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375" - }, - { - "name" : "http://support.apple.com/kb/HT5880", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5880" - }, - { - "name" : "http://support.apple.com/kb/HT5892", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5892" - }, - { - "name" : "APPLE-SA-2013-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2013-09-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html" - }, - { - "name" : "FEDORA-2013-10853", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html" - }, - { - "name" : "FEDORA-2013-10953", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html" - }, - { - "name" : "FEDORA-2013-10980", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html" - }, - { - "name" : "FEDORA-2013-8047", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html" - }, - { - "name" : "MDVSA-2013:159", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:159" - }, - { - "name" : "openSUSE-SU-2013:0881", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html" - }, - { - "name" : "openSUSE-SU-2013:0883", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html" - }, - { - "name" : "SUSE-SU-2014:1571", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html" - }, - { - "name" : "USN-1816-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1816-1" - }, - { - "name" : "59434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59434" - }, - { - "name" : "53150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53150" - }, - { - "name" : "53182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53150" + }, + { + "name": "FEDORA-2013-10853", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html" + }, + { + "name": "FEDORA-2013-8047", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html" + }, + { + "name": "SUSE-SU-2014:1571", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html" + }, + { + "name": "openSUSE-SU-2013:0881", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html" + }, + { + "name": "http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html", + "refsource": "CONFIRM", + "url": "http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html" + }, + { + "name": "http://support.apple.com/kb/HT5892", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5892" + }, + { + "name": "https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375", + "refsource": "CONFIRM", + "url": "https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375" + }, + { + "name": "USN-1816-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1816-1" + }, + { + "name": "openSUSE-SU-2013:0883", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html" + }, + { + "name": "53182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53182" + }, + { + "name": "APPLE-SA-2013-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" + }, + { + "name": "[oss-security] 20130429 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/29/20" + }, + { + "name": "APPLE-SA-2013-09-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html" + }, + { + "name": "59434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59434" + }, + { + "name": "[oss-security] 20130424 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/25/2" + }, + { + "name": "MDVSA-2013:159", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:159" + }, + { + "name": "FEDORA-2013-10953", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html" + }, + { + "name": "https://bugzilla.clamav.net/show_bug.cgi?id=7055", + "refsource": "CONFIRM", + "url": "https://bugzilla.clamav.net/show_bug.cgi?id=7055" + }, + { + "name": "FEDORA-2013-10980", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html" + }, + { + "name": "http://support.apple.com/kb/HT5880", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5880" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2040.json b/2013/2xxx/CVE-2013-2040.json index 39fb49f08e3..78dd09f8240 100644 --- a/2013/2xxx/CVE-2013-2040.json +++ b/2013/2xxx/CVE-2013-2040.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-021/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2231.json b/2013/2xxx/CVE-2013-2231.json index 0e1a67a9d57..178540769e3 100644 --- a/2013/2xxx/CVE-2013-2231.json +++ b/2013/2xxx/CVE-2013-2231.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=980757", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=980757" - }, - { - "name" : "RHSA-2013:1100", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1100.html" - }, - { - "name" : "RHSA-2013:1101", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1101.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1101", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1101.html" + }, + { + "name": "RHSA-2013:1100", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1100.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=980757", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980757" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3266.json b/2013/3xxx/CVE-2013-3266.json index f5cd202cff0..4ef790beb65 100644 --- a/2013/3xxx/CVE-2013-3266.json +++ b/2013/3xxx/CVE-2013-3266.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-2672", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2672" - }, - { - "name" : "FreeBSD-SA-13:05", - "refsource" : "FREEBSD", - "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc" - }, - { - "name" : "1028491", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028491" - }, - { - "name" : "53241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53241" + }, + { + "name": "FreeBSD-SA-13:05", + "refsource": "FREEBSD", + "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc" + }, + { + "name": "DSA-2672", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2672" + }, + { + "name": "1028491", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028491" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3433.json b/2013/3xxx/CVE-2013-3433.json index 2dde19cc649..55c953bab4d 100644 --- a/2013/3xxx/CVE-2013-3433.json +++ b/2013/3xxx/CVE-2013-3433.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm" - }, - { - "name" : "61297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61297" - }, - { - "name" : "95404", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95404" - }, - { - "name" : "54249", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61297" + }, + { + "name": "54249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54249" + }, + { + "name": "95404", + "refsource": "OSVDB", + "url": "http://osvdb.org/95404" + }, + { + "name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3466.json b/2013/3xxx/CVE-2013-3466.json index 544277de04d..30178358b17 100644 --- a/2013/3xxx/CVE-2013-3466.json +++ b/2013/3xxx/CVE-2013-3466.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130828 Cisco Secure Access Control Server Remote Command Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs" - }, - { - "name" : "96668", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96668" - }, - { - "name" : "1028958", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130828 Cisco Secure Access Control Server Remote Command Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs" + }, + { + "name": "1028958", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028958" + }, + { + "name": "96668", + "refsource": "OSVDB", + "url": "http://osvdb.org/96668" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3691.json b/2013/3xxx/CVE-2013-3691.json index d516195b6a8..904bd2ed4fa 100644 --- a/2013/3xxx/CVE-2013-3691.json +++ b/2013/3xxx/CVE-2013-3691.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3691", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3691", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3767.json b/2013/3xxx/CVE-2013-3767.json index bc4862767ff..ac320440709 100644 --- a/2013/3xxx/CVE-2013-3767.json +++ b/2013/3xxx/CVE-2013-3767.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "61246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61246" - }, - { - "name" : "95281", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95281" - }, - { - "name" : "1028799", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028799" - }, - { - "name" : "54222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54222" - }, - { - "name" : "oracle-cpujuly2013-cve20133767(85668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "95281", + "refsource": "OSVDB", + "url": "http://osvdb.org/95281" + }, + { + "name": "1028799", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028799" + }, + { + "name": "54222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54222" + }, + { + "name": "61246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61246" + }, + { + "name": "oracle-cpujuly2013-cve20133767(85668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85668" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4059.json b/2013/4xxx/CVE-2013-4059.json index 002642cab8a..04ab51a0b4f 100644 --- a/2013/4xxx/CVE-2013-4059.json +++ b/2013/4xxx/CVE-2013-4059.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666684", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666684" - }, - { - "name" : "JR48815", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815" - }, - { - "name" : "JR49200", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200" - }, - { - "name" : "JR49206", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206" - }, - { - "name" : "66151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66151" - }, - { - "name" : "ibm-infosphere-cve20134059-xss(86548)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR49200", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200" + }, + { + "name": "JR48815", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815" + }, + { + "name": "ibm-infosphere-cve20134059-xss(86548)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86548" + }, + { + "name": "JR49206", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206" + }, + { + "name": "66151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66151" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666684", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666684" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4120.json b/2013/4xxx/CVE-2013-4120.json index 9f2e6a315c1..341c2ee7641 100644 --- a/2013/4xxx/CVE-2013-4120.json +++ b/2013/4xxx/CVE-2013-4120.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4120", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4120", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4154.json b/2013/4xxx/CVE-2013-4154.json index 006241c7f59..8ad2825e2ee 100644 --- a/2013/4xxx/CVE-2013-4154.json +++ b/2013/4xxx/CVE-2013-4154.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to \"agent based cpu (un)plug,\" as demonstrated by the \"virsh vcpucount foobar --guest\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130719 Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/07/19/12" - }, - { - "name" : "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=96518d4316b711c72205117f8d5c967d5127bbb6", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=96518d4316b711c72205117f8d5c967d5127bbb6" - }, - { - "name" : "http://libvirt.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/news.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=984821", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=984821" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=986386", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=986386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to \"agent based cpu (un)plug,\" as demonstrated by the \"virsh vcpucount foobar --guest\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=96518d4316b711c72205117f8d5c967d5127bbb6", + "refsource": "CONFIRM", + "url": "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=96518d4316b711c72205117f8d5c967d5127bbb6" + }, + { + "name": "http://libvirt.org/news.html", + "refsource": "CONFIRM", + "url": "http://libvirt.org/news.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=984821", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984821" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=986386", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986386" + }, + { + "name": "[oss-security] 20130719 Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/07/19/12" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4328.json b/2013/4xxx/CVE-2013-4328.json index 271430b7641..83d37e9139e 100644 --- a/2013/4xxx/CVE-2013-4328.json +++ b/2013/4xxx/CVE-2013-4328.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4328", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4238. Reason: This candidate is a duplicate of CVE-2013-4238. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4238 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-4328", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4238. Reason: This candidate is a duplicate of CVE-2013-4238. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4238 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4460.json b/2013/4xxx/CVE-2013-4460.json index 7e5b516b219..4930fdb1fb5 100644 --- a/2013/4xxx/CVE-2013-4460.json +++ b/2013/4xxx/CVE-2013-4460.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131022 Re: CVE Request: MantisBT before 1.2.16 XSS vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/168" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=16513", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=16513" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/0002d106a6cd35cb0a6fe03246531a4e3f32c9d0#diff-4122320b011a3291cd45da074a867076", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/0002d106a6cd35cb0a6fe03246531a4e3f32c9d0#diff-4122320b011a3291cd45da074a867076" - }, - { - "name" : "98823", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98823" - }, - { - "name" : "55305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mantisbt.org/bugs/view.php?id=16513", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=16513" + }, + { + "name": "98823", + "refsource": "OSVDB", + "url": "http://osvdb.org/98823" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/0002d106a6cd35cb0a6fe03246531a4e3f32c9d0#diff-4122320b011a3291cd45da074a867076", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/0002d106a6cd35cb0a6fe03246531a4e3f32c9d0#diff-4122320b011a3291cd45da074a867076" + }, + { + "name": "[oss-security] 20131022 Re: CVE Request: MantisBT before 1.2.16 XSS vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/168" + }, + { + "name": "55305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55305" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4671.json b/2013/4xxx/CVE-2013-4671.json index 07c79318b2d..554074943fe 100644 --- a/2013/4xxx/CVE-2013-4671.json +++ b/2013/4xxx/CVE-2013-4671.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-4671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00" - }, - { - "name" : "61102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61102" - }, - { - "name" : "95699", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt" + }, + { + "name": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html" + }, + { + "name": "61102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61102" + }, + { + "name": "95699", + "refsource": "OSVDB", + "url": "http://osvdb.org/95699" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6113.json b/2013/6xxx/CVE-2013-6113.json index d1caedd8728..85ad7fb2099 100644 --- a/2013/6xxx/CVE-2013-6113.json +++ b/2013/6xxx/CVE-2013-6113.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6894.json b/2013/6xxx/CVE-2013-6894.json index 702a2ca9ace..15dec3c7c0e 100644 --- a/2013/6xxx/CVE-2013-6894.json +++ b/2013/6xxx/CVE-2013-6894.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6894", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6894", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7059.json b/2013/7xxx/CVE-2013-7059.json index 8ab56ea510e..6e18b497b5c 100644 --- a/2013/7xxx/CVE-2013-7059.json +++ b/2013/7xxx/CVE-2013-7059.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7059", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7059", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7345.json b/2013/7xxx/CVE-2013-7345.json index a518a119e20..4dabe435c22 100644 --- a/2013/7xxx/CVE-2013-7345.json +++ b/2013/7xxx/CVE-2013-7345.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gw.com/view.php?id=164", - "refsource" : "CONFIRM", - "url" : "http://bugs.gw.com/view.php?id=164" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993" - }, - { - "name" : "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c", - "refsource" : "CONFIRM", - "url" : "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "DSA-2873", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2873" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c", + "refsource": "CONFIRM", + "url": "https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993" + }, + { + "name": "http://bugs.gw.com/view.php?id=164", + "refsource": "CONFIRM", + "url": "http://bugs.gw.com/view.php?id=164" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "DSA-2873", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2873" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10455.json b/2017/10xxx/CVE-2017-10455.json index 931237f7079..d7edc5ef903 100644 --- a/2017/10xxx/CVE-2017-10455.json +++ b/2017/10xxx/CVE-2017-10455.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10455", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10455", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10703.json b/2017/10xxx/CVE-2017-10703.json index e11bca29989..66536a610fa 100644 --- a/2017/10xxx/CVE-2017-10703.json +++ b/2017/10xxx/CVE-2017-10703.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10703", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10703", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13147.json b/2017/13xxx/CVE-2017-13147.json index 6769a57ca12..2592491c4b5 100644 --- a/2017/13xxx/CVE-2017-13147.json +++ b/2017/13xxx/CVE-2017-13147.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/446/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/446/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/446/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/446/" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13299.json b/2017/13xxx/CVE-2017-13299.json index e4186113d42..94d16e645ad 100644 --- a/2017/13xxx/CVE-2017-13299.json +++ b/2017/13xxx/CVE-2017-13299.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-13299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-13299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13310.json b/2017/13xxx/CVE-2017-13310.json index 4f56563792c..9651610259d 100644 --- a/2017/13xxx/CVE-2017-13310.json +++ b/2017/13xxx/CVE-2017-13310.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13310", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13310", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13564.json b/2017/13xxx/CVE-2017-13564.json index 0f2786fb735..7f72da06065 100644 --- a/2017/13xxx/CVE-2017-13564.json +++ b/2017/13xxx/CVE-2017-13564.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13564", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13564", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13744.json b/2017/13xxx/CVE-2017-13744.json index d2ed368aeb4..12f15689875 100644 --- a/2017/13xxx/CVE-2017-13744.json +++ b/2017/13xxx/CVE-2017-13744.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484338", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484338" - }, - { - "name" : "RHSA-2017:3111", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3111" - }, - { - "name" : "100607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484338", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484338" + }, + { + "name": "100607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100607" + }, + { + "name": "RHSA-2017:3111", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3111" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13751.json b/2017/13xxx/CVE-2017-13751.json index f463632ae74..e3013528f53 100644 --- a/2017/13xxx/CVE-2017-13751.json +++ b/2017/13xxx/CVE-2017-13751.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485283", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485283" - }, - { - "name" : "100514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485283", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485283" + }, + { + "name": "100514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100514" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17052.json b/2017/17xxx/CVE-2017-17052.json index 3a9e8b50aff..8af2f8258e0 100644 --- a/2017/17xxx/CVE-2017-17052.json +++ b/2017/17xxx/CVE-2017-17052.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b7e8665b4ff51c034c55df3cff76518d1a9ee3a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b7e8665b4ff51c034c55df3cff76518d1a9ee3a" - }, - { - "name" : "https://github.com/torvalds/linux/commit/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10" - }, - { - "name" : "102009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b7e8665b4ff51c034c55df3cff76518d1a9ee3a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b7e8665b4ff51c034c55df3cff76518d1a9ee3a" + }, + { + "name": "102009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102009" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10" + }, + { + "name": "https://github.com/torvalds/linux/commit/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17155.json b/2017/17xxx/CVE-2017-17155.json index 44ea69297f1..8e8a10a9e89 100644 --- a/2017/17xxx/CVE-2017-17155.json +++ b/2017/17xxx/CVE-2017-17155.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IPS,Module,NGFW,Module,NIP6300,NIP6600,Secospace,USG6300,Secospace,USG6500,Secospace,USG6600,USG9500", - "version" : { - "version_data" : [ - { - "version_value" : "IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to incompliance with the 4-byte alignment requirement imposed by the MIPS CPU. An attacker could exploit it to cause unauthorized memory access, which may further lead to system exceptions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds memory access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IPS,Module,NGFW,Module,NIP6300,NIP6600,Secospace,USG6300,Secospace,USG6500,Secospace,USG6600,USG9500", + "version": { + "version_data": [ + { + "version_value": "IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to incompliance with the 4-byte alignment requirement imposed by the MIPS CPU. An attacker could exploit it to cause unauthorized memory access, which may further lead to system exceptions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds memory access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17646.json b/2017/17xxx/CVE-2017-17646.json index be8f7cdea4d..d3c6946804b 100644 --- a/2017/17xxx/CVE-2017-17646.json +++ b/2017/17xxx/CVE-2017-17646.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17646", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17646", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17782.json b/2017/17xxx/CVE-2017-17782.json index fa998bb84f2..586f04c0e6a 100644 --- a/2017/17xxx/CVE-2017-17782.json +++ b/2017/17xxx/CVE-2017-17782.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" - }, - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" - }, - { - "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c", - "refsource" : "CONFIRM", - "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/530/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/530/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" + }, + { + "name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" + }, + { + "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c", + "refsource": "CONFIRM", + "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c" + }, + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/530/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/530/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17795.json b/2017/17xxx/CVE-2017-17795.json index d847a5dedfa..1db4c53da2e 100644 --- a/2017/17xxx/CVE-2017-17795.json +++ b/2017/17xxx/CVE-2017-17795.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/IKARUS_POC/tree/master/0x83000088", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/IKARUS_POC/tree/master/0x83000088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/IKARUS_POC/tree/master/0x83000088", + "refsource": "MISC", + "url": "https://github.com/rubyfly/IKARUS_POC/tree/master/0x83000088" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17915.json b/2017/17xxx/CVE-2017-17915.json index 166a5f6b411..b8132306762 100644 --- a/2017/17xxx/CVE-2017-17915.json +++ b/2017/17xxx/CVE-2017-17915.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" - }, - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" - }, - { - "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a", - "refsource" : "CONFIRM", - "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/535/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/535/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/535/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/535/" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" + }, + { + "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a", + "refsource": "CONFIRM", + "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a" + }, + { + "name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9005.json b/2017/9xxx/CVE-2017-9005.json index 9b93f8e9c40..7357d39d8f6 100644 --- a/2017/9xxx/CVE-2017-9005.json +++ b/2017/9xxx/CVE-2017-9005.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9005", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9005", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9007.json b/2017/9xxx/CVE-2017-9007.json index e7914114d3a..0754dc70993 100644 --- a/2017/9xxx/CVE-2017-9007.json +++ b/2017/9xxx/CVE-2017-9007.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9007", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9007", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9624.json b/2017/9xxx/CVE-2017-9624.json index e71332cebe3..9c6cf672e57 100644 --- a/2017/9xxx/CVE-2017-9624.json +++ b/2017/9xxx/CVE-2017-9624.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd", - "refsource" : "CONFIRM", - "url" : "https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd" - }, - { - "name" : "https://github.com/Telaxus/EPESI/issues/186", - "refsource" : "CONFIRM", - "url" : "https://github.com/Telaxus/EPESI/issues/186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Telaxus/EPESI/issues/186", + "refsource": "CONFIRM", + "url": "https://github.com/Telaxus/EPESI/issues/186" + }, + { + "name": "https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd", + "refsource": "CONFIRM", + "url": "https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0115.json b/2018/0xxx/CVE-2018-0115.json index eb11b33d897..8fde35d2045 100644 --- a/2018/0xxx/CVE-2018-0115.json +++ b/2018/0xxx/CVE-2018-0115.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco StarOS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco StarOS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-78" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco StarOS", + "version": { + "version_data": [ + { + "version_value": "Cisco StarOS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros" - }, - { - "name" : "102788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102788" - }, - { - "name" : "1040239", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040239", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040239" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros" + }, + { + "name": "102788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102788" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0647.json b/2018/0xxx/CVE-2018-0647.json index d5379c624e9..3780376c052 100644 --- a/2018/0xxx/CVE-2018-0647.json +++ b/2018/0xxx/CVE-2018-0647.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WL-330NUL", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version prior to 3.0.0.46" - } - ] - } - } - ] - }, - "vendor_name" : "ASUS Japan Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WL-330NUL", + "version": { + "version_data": [ + { + "version_value": "Firmware version prior to 3.0.0.46" + } + ] + } + } + ] + }, + "vendor_name": "ASUS Japan Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/", - "refsource" : "MISC", - "url" : "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/" - }, - { - "name" : "JVN#71329812", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN71329812/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/", + "refsource": "MISC", + "url": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/" + }, + { + "name": "JVN#71329812", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN71329812/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0988.json b/2018/0xxx/CVE-2018-0988.json index 3e2fd191c5f..dc863dd7b0d 100644 --- a/2018/0xxx/CVE-2018-0988.json +++ b/2018/0xxx/CVE-2018-0988.json @@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 9", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1511 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0996, CVE-2018-1001." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1511 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1511 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0988", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0988" - }, - { - "name" : "103615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103615" - }, - { - "name" : "1040653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0996, CVE-2018-1001." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040653" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0988", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0988" + }, + { + "name": "103615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103615" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18232.json b/2018/18xxx/CVE-2018-18232.json index ce496365adb..5f4725d95c8 100644 --- a/2018/18xxx/CVE-2018-18232.json +++ b/2018/18xxx/CVE-2018-18232.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18232", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18232", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18572.json b/2018/18xxx/CVE-2018-18572.json index 48d4d301852..21572dfed15 100644 --- a/2018/18xxx/CVE-2018-18572.json +++ b/2018/18xxx/CVE-2018-18572.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18572", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18572", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18601.json b/2018/18xxx/CVE-2018-18601.json index e63bfa5fe0f..d2cf52bbbb9 100644 --- a/2018/18xxx/CVE-2018-18601.json +++ b/2018/18xxx/CVE-2018-18601.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/", - "refsource" : "MISC", - "url" : "https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/", + "refsource": "MISC", + "url": "https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19169.json b/2018/19xxx/CVE-2018-19169.json index 93699be255e..e62b8601363 100644 --- a/2018/19xxx/CVE-2018-19169.json +++ b/2018/19xxx/CVE-2018-19169.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19169", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19169", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19222.json b/2018/19xxx/CVE-2018-19222.json index a74d0657f4e..5bab0cdbd71 100644 --- a/2018/19xxx/CVE-2018-19222.json +++ b/2018/19xxx/CVE-2018-19222.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#reset-admin-password", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#reset-admin-password" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#reset-admin-password", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#reset-admin-password" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19233.json b/2018/19xxx/CVE-2018-19233.json index 39e2b0bdb80..75c3cba6ef0 100644 --- a/2018/19xxx/CVE-2018-19233.json +++ b/2018/19xxx/CVE-2018-19233.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181121 SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition", - "refsource" : "BUGTRAQ", - "url" : "https://seclists.org/bugtraq/2018/Nov/37" - }, - { - "name" : "20181121 SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Nov/55" - }, - { - "name" : "http://packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html" + }, + { + "name": "20181121 SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Nov/55" + }, + { + "name": "20181121 SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition", + "refsource": "BUGTRAQ", + "url": "https://seclists.org/bugtraq/2018/Nov/37" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19986.json b/2018/19xxx/CVE-2018-19986.json index b150200bc53..8c381d2e1fa 100644 --- a/2018/19xxx/CVE-2018-19986.json +++ b/2018/19xxx/CVE-2018-19986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19986", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19986", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1094.json b/2018/1xxx/CVE-2018-1094.json index 5f7dadf4313..ce595d695e7 100644 --- a/2018/1xxx/CVE-2018-1094.json +++ b/2018/1xxx/CVE-2018-1094.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2018-1094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel through version 4.15", - "version" : { - "version_data" : [ - { - "version_value" : "Linux kernel through version 4.15" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "NULL pointer dereference" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux kernel through version 4.15", + "version": { + "version_data": [ + { + "version_value": "Linux kernel through version 4.15" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2018/03/29/1", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2018/03/29/1" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=199183", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=199183" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1560788", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1560788" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "RHSA-2018:3083", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3083" - }, - { - "name" : "RHSA-2018:3096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3096" - }, - { - "name" : "USN-3695-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3695-1/" - }, - { - "name" : "USN-3695-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3695-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL pointer dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788" + }, + { + "name": "RHSA-2018:3083", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3083" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957" + }, + { + "name": "http://openwall.com/lists/oss-security/2018/03/29/1", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2018/03/29/1" + }, + { + "name": "USN-3695-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3695-1/" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1" + }, + { + "name": "USN-3695-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3695-2/" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=199183", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199183" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "RHSA-2018:3096", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3096" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1216.json b/2018/1xxx/CVE-2018-1216.json index 79a15b8c967..6f5970f19a8 100644 --- a/2018/1xxx/CVE-2018-1216.json +++ b/2018/1xxx/CVE-2018-1216.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2018-1216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)", - "version" : { - "version_data" : [ - { - "version_value" : "vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Hard-coded password vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2018-1216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)", + "version": { + "version_data": [ + { + "version_value": "vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-03", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-03" - }, - { - "name" : "http://seclists.org/fulldisclosure/2018/Feb/41", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2018/Feb/41" - }, - { - "name" : "103039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103039" - }, - { - "name" : "1040383", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hard-coded password vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103039" + }, + { + "name": "https://www.tenable.com/security/research/tra-2018-03", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-03" + }, + { + "name": "1040383", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040383" + }, + { + "name": "http://seclists.org/fulldisclosure/2018/Feb/41", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2018/Feb/41" + } + ] + } +} \ No newline at end of file