diff --git a/2004/1xxx/CVE-2004-1423.json b/2004/1xxx/CVE-2004-1423.json
index f6066f20aa3..9c2f28c4009 100644
--- a/2004/1xxx/CVE-2004-1423.json
+++ b/2004/1xxx/CVE-2004-1423.json
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041229 php-Calendar File Include Vulnerability [ Command Exec ]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110434580716205&w=2" - }, - { - "name" : "20061021 Virtual Law Office (phpc_root_path) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449397/100/0/threaded" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00060-12292004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00060-12292004" - }, - { - "name" : "2608", - "refsource" : 
"EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2608" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800" - }, - { - "name" : "12127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12127" - }, - { - "name" : "20657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20657" - }, - { - "name" : "ADV-2006-4145", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4145" - }, - { - "name" : "1017107", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017107" - }, - { - "name" : "22516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22516" - }, - { - "name" : "php-calendar-file-include(18710)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18710" - }, - { - "name" : "vlo-phpcrootpath-file-include(29710)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017107", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017107" + }, + { + "name": "12127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12127" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00060-12292004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00060-12292004" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800" + }, + { + "name": "ADV-2006-4145", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4145" + }, + { + "name": "20041229 php-Calendar File Include Vulnerability [ Command Exec ]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110434580716205&w=2" + }, + { + "name": "2608", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2608" + }, + { + "name": "20657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20657" + }, + { + "name": "vlo-phpcrootpath-file-include(29710)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29710" + }, + { + "name": "20061021 Virtual Law Office (phpc_root_path) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449397/100/0/threaded" + }, + { + "name": "22516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22516" + }, + { + "name": "php-calendar-file-include(18710)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18710" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/1xxx/CVE-2004-1555.json b/2004/1xxx/CVE-2004-1555.json
index 61d5c25d27a..d70af024057 100644
--- a/2004/1xxx/CVE-2004-1555.json
+++ b/2004/1xxx/CVE-2004-1555.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040926 SQL injection in BroadBoard Instant ASP Message Board", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109630777608244&w=2" - }, - { - "name" : "11250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11250" - }, - { - "name" : "1011419", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011419" - }, - { - "name" : "12658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12658" - }, - { - "name" : "broadboard-forgotasp-sql-injection(17502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17502" 
- }, - { - "name" : "broadboard-profileasp-sql-injection(17500)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17500" - }, - { - "name" : "broadboard-reg2asp-sql-injection(17501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17501" - }, - { - "name" : "broadboard-searchasp-sql-injection(17498)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1011419", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011419" + }, + { + "name": "broadboard-forgotasp-sql-injection(17502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17502" + }, + { + "name": "broadboard-profileasp-sql-injection(17500)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17500" + }, + { + "name": "broadboard-searchasp-sql-injection(17498)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17498" + }, + { + "name": "20040926 SQL injection in BroadBoard Instant ASP Message Board", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109630777608244&w=2" + }, + { + "name": "11250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11250" + }, + { + "name": "12658", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12658" + }, + { + "name": "broadboard-reg2asp-sql-injection(17501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17501" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1583.json b/2004/1xxx/CVE-2004-1583.json index 426d557d803..45748795401 100644 --- a/2004/1xxx/CVE-2004-1583.json +++ b/2004/1xxx/CVE-2004-1583.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041006 Directory traversal in Tridcomm 1.3", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109709637732276&w=2" - }, - { - "name" : "20041006 Directory traversal in Tridcomm 1.3", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027195.html" - }, - { - "name" : "11343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11343" - }, - { - "name" : "12755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12755" - }, - { - "name" : "tridcomm-dotdot-directory-traversal(17631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17631" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12755" + }, + { + "name": "11343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11343" + }, + { + "name": "tridcomm-dotdot-directory-traversal(17631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17631" + }, + { + "name": "20041006 Directory traversal in Tridcomm 1.3", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109709637732276&w=2" + }, + { + "name": "20041006 Directory traversal in Tridcomm 1.3", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027195.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0267.json b/2008/0xxx/CVE-2008-0267.json index 5d4962fbb60..5328b6bf588 100644 --- a/2008/0xxx/CVE-2008-0267.json +++ b/2008/0xxx/CVE-2008-0267.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485835/100/0/threaded" - }, - { - "name" : "27173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27173" - }, - { - "name" : "28331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28331" - }, - { - "name" : "3542", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3542" - }, - { - "name" : "eticket-search-sql-injection(39489)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/39489" - }, - { - "name" : "eticket-admin-sql-injection(39487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "eticket-admin-sql-injection(39487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487" + }, + { + "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded" + }, + { + "name": "eticket-search-sql-injection(39489)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39489" + }, + { + "name": "28331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28331" + }, + { + "name": "27173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27173" + }, + { + "name": "3542", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3542" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0489.json b/2008/0xxx/CVE-2008-0489.json index ebe1285c6d3..7d907a0c56d 100644 --- a/2008/0xxx/CVE-2008-0489.json +++ b/2008/0xxx/CVE-2008-0489.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080127 ClanSphere 2007.4.4 Remote File Disclosure Vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487132/100/0/threaded" - }, - { - "name" : "27471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27471" - }, - { - "name" : "3597", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3597" - }, - { - "name" : "clansphere-install-directory-traversal(39977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal 
vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3597", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3597" + }, + { + "name": "27471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27471" + }, + { + "name": "clansphere-install-directory-traversal(39977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39977" + }, + { + "name": "20080127 ClanSphere 2007.4.4 Remote File Disclosure Vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487132/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3279.json b/2008/3xxx/CVE-2008-3279.json index 7383520e13f..c33f6b9e886 100644 --- a/2008/3xxx/CVE-2008-3279.json +++ b/2008/3xxx/CVE-2008-3279.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=457942", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=457942" - }, - { - "name" : "RHSA-2010:0181", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0181.html" - }, - { - "name" : "oval:org.mitre.oval:def:11399", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11399" - }, - { - "name" : "39231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39231" - }, - { - "name" : "ADV-2010-0755", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=457942", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457942" + }, + { + "name": "RHSA-2010:0181", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0181.html" + }, + { + "name": "ADV-2010-0755", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0755" + }, + { + "name": "39231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39231" + }, + { + "name": "oval:org.mitre.oval:def:11399", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11399" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3457.json b/2008/3xxx/CVE-2008-3457.json index 93d5c00ee21..90ffa2bfae2 100644 --- a/2008/3xxx/CVE-2008-3457.json +++ b/2008/3xxx/CVE-2008-3457.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf", - "refsource" : "MISC", - "url" : "http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6" - }, - { - "name" : "DSA-1641", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1641" - }, - { - "name" : "FEDORA-2008-6810", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html" - }, - { - "name" : "FEDORA-2008-6868", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html" - }, - { - "name" : "MDVSA-2008:202", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:202" - }, - { - "name" : "SUSE-SR:2008:026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" - }, - { - "name" : "30420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30420" - }, - { - "name" : "ADV-2008-2226", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2226/references" - }, - { - "name" : "31263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31263" - }, - { - "name" : "31312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31312" - }, - { - "name" : "32834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32834" - }, - { - "name" : "phpmyadmin-setup-configinc-xss(44052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2008:202", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:202" + }, + { + "name": "FEDORA-2008-6868", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html" + }, + { + "name": "FEDORA-2008-6810", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html" + }, + { + "name": "http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf", + "refsource": "MISC", + "url": "http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf" + }, + { + "name": "32834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32834" + }, + { + "name": "ADV-2008-2226", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2226/references" + }, + { + "name": "phpmyadmin-setup-configinc-xss(44052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44052" + }, + { + "name": "DSA-1641", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1641" + }, + { + "name": "31312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31312" + }, + { + "name": "31263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31263" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6" + }, + { + "name": "30420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30420" + }, + { + "name": "SUSE-SR:2008:026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/3xxx/CVE-2008-3484.json b/2008/3xxx/CVE-2008-3484.json
index efae31c5184..5a56d73c064 100644
--- a/2008/3xxx/CVE-2008-3484.json
+++ b/2008/3xxx/CVE-2008-3484.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6187", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6187" - }, - { - "name" : "30502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30502" - }, - { - "name" : "4109", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4109" - }, - { - "name" : "estoreaff-cid-sql-injection(44166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat 
action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30502" + }, + { + "name": "4109", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4109" + }, + { + "name": "6187", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6187" + }, + { + "name": "estoreaff-cid-sql-injection(44166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44166" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3805.json b/2008/3xxx/CVE-2008-3805.json index 80f64e59459..7b153ca0288 100644 --- a/2008/3xxx/CVE-2008-3805.json +++ b/2008/3xxx/CVE-2008-3805.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-3805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646" - }, - { - "name" : "20080924 Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:5910", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5910" - 
}, - { - "name" : "1020935", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020935" - }, - { - "name" : "ADV-2008-2670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2670" - }, - { - "name" : "31990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31990" + }, + { + "name": "oval:org.mitre.oval:def:5910", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5910" + }, + { + "name": "1020935", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020935" + }, + { + "name": "ADV-2008-2670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2670" + }, + { + "name": "20080924 Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtml" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646" + } + ] + } +} \ No newline at end of file 
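Review bot: The `ASSIGNER` on the new side becomes `psirt@cisco.com`, but `vendor_name`, `product_name` and `version_value` under `affects` are still `n/a`, so the free-text description is the only place the record says what is affected. Tooling that matches CVE records against an asset inventory by the structured fields will not match this entry and has to parse the description instead. If this update is meant to carry the CNA's data, consider filling the fields from the description, e.g. `"vendor_name": "Cisco"` and `"product_name": "IOS"`; whether this bulk update is intended to make content changes of that kind cannot be told from the hunk. The same applies to the CVE-2008-4013 hunk (`secalert_us@oracle.com`) and the CVE-2008-4036 hunk (`secure@microsoft.com`).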
diff --git a/2008/4xxx/CVE-2008-4013.json b/2008/4xxx/CVE-2008-4013.json index d24d2ab0c60..c351a9951fd 100644 --- a/2008/4xxx/CVE-2008-4013.json +++ b/2008/4xxx/CVE-2008-4013.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-4013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" - }, - { - "name" : "ADV-2008-2825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2825" - }, - { - "name" : "1021056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021056" - }, - { - "name" : "oracle-weblogic-webapps-unauth-access(45912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" + }, + { + "name": "1021056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021056" + }, + { + "name": "oracle-weblogic-webapps-unauth-access(45912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45912" + }, + { + "name": "ADV-2008-2825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2825" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4036.json b/2008/4xxx/CVE-2008-4036.json index d70852db596..ef37854508c 100644 --- a/2008/4xxx/CVE-2008-4036.json +++ b/2008/4xxx/CVE-2008-4036.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a \"memory allocation mapping error,\" aka \"Virtual Address Descriptor Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-4036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02379", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "SSRT080143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "MS08-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-064" - }, - { - "name" : "TA08-288A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA08-288A.html" - }, - { - "name" : "31675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31675" - }, - { - "name" : "oval:org.mitre.oval:def:5343", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5343" - }, - { - "name" : "ADV-2008-2815", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2815" - }, - { - "name" : "1021051", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021051" - }, - { - "name" : "32251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32251" - }, - { - "name" : "win-ms08kb956841-update(45572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45572" - }, - { - "name" : "win-vad-privilege-escalation(45571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a \"memory allocation mapping error,\" aka \"Virtual Address Descriptor Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32251" + }, + { + "name": "SSRT080143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": 
"ADV-2008-2815", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2815" + }, + { + "name": "1021051", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021051" + }, + { + "name": "HPSBST02379", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "MS08-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-064" + }, + { + "name": "win-vad-privilege-escalation(45571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45571" + }, + { + "name": "31675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31675" + }, + { + "name": "TA08-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" + }, + { + "name": "oval:org.mitre.oval:def:5343", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5343" + }, + { + "name": "win-ms08kb956841-update(45572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45572" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4074.json b/2008/4xxx/CVE-2008-4074.json index c5bb7aa1501..e361c8a7ff3 100644 --- a/2008/4xxx/CVE-2008-4074.json +++ b/2008/4xxx/CVE-2008-4074.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6433", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6433" - }, - { - "name" : "31137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31137" - }, - { - "name" : "4247", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4247" - }, - { - "name" : "autodealerscms-index-sql-injection(45049)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45049" - }, - { - "name" : "autodealerscms-id-sql-injection(45200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "autodealerscms-index-sql-injection(45049)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45049" + }, + { + "name": "6433", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6433" + }, + { + "name": "autodealerscms-id-sql-injection(45200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45200" + }, + { + "name": "4247", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4247" + }, + { + "name": "31137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31137" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4700.json b/2008/4xxx/CVE-2008-4700.json index e5c2266a0d1..6ff063dd91a 100644 --- a/2008/4xxx/CVE-2008-4700.json +++ b/2008/4xxx/CVE-2008-4700.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6416", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6416" - }, - { - "name" : "31102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31102" - }, - { - "name" : "31811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31811" - }, - { - "name" : "4472", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4472" - }, - { - "name" : "libera-admin-sql-injection(45011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4472", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4472" + }, + { + "name": "31811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31811" + }, + { + "name": "libera-admin-sql-injection(45011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45011" + }, + { + "name": "31102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31102" + }, + { + "name": "6416", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6416" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4874.json b/2008/4xxx/CVE-2008-4874.json index d80b1218b0e..9fa5d79b050 100644 --- a/2008/4xxx/CVE-2008-4874.json +++ b/2008/4xxx/CVE-2008-4874.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door \"service\" account with \"service\" as its password, which makes it easier for remote attackers to obtain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080214 Philips VOIP841 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488127/100/200/threaded" - }, - { - "name" : "20080215 Re: Philips VOIP841 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-02/0227.html" - }, - { - "name" : "5113", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5113" - }, - { - "name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt" - }, - { - "name" : "27790", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/27790" - }, - { - "name" : "42940", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42940" - }, - { - "name" : "ADV-2008-0583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0583" - }, - { - "name" : "28978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28978" - }, - { - "name" : "4536", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door \"service\" account with \"service\" as its password, which makes it easier for remote attackers to obtain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5113", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5113" + }, + { + "name": "28978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28978" + }, + { + "name": "42940", + "refsource": "OSVDB", + "url": "http://osvdb.org/42940" + }, + { + "name": "27790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27790" + }, + { + "name": "ADV-2008-0583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0583" + }, + { + "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt", + "refsource": "MISC", + "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt" + }, + { + "name": "20080214 Philips VOIP841 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488127/100/200/threaded" + }, + { + "name": "4536", + "refsource": "SREASON", + "url": 
"http://securityreason.com/securityalert/4536" + }, + { + "name": "20080215 Re: Philips VOIP841 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0227.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6368.json b/2008/6xxx/CVE-2008-6368.json index bce00a8aeb4..ba114080504 100644 --- a/2008/6xxx/CVE-2008-6368.json +++ b/2008/6xxx/CVE-2008-6368.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0811-exploits/chipmunkguestbook-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0811-exploits/chipmunkguestbook-sqlxss.txt" - }, - { - "name" : "18195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18195" - }, - { - "name" : "50343", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50343" - }, - { - "name" : "32907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32907" - }, - { - "name" : "chipmunk-index-sql-injection(46941)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18195" + }, + { + "name": "50343", + "refsource": "OSVDB", + "url": "http://osvdb.org/50343" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0811-exploits/chipmunkguestbook-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0811-exploits/chipmunkguestbook-sqlxss.txt" + }, + { + "name": "32907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32907" + }, + { + "name": "chipmunk-index-sql-injection(46941)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46941" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7096.json b/2008/7xxx/CVE-2008-7096.json index 9d827de13ad..cf0cdc2f6df 100644 --- a/2008/7xxx/CVE-2008-7096.json +++ b/2008/7xxx/CVE-2008-7096.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://invisiblethingslab.com/bh08/part2-full.pdf", - "refsource" : "MISC", - "url" : "http://invisiblethingslab.com/bh08/part2-full.pdf" - }, - { - "name" : "http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html", - "refsource" : "MISC", - "url" : "http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html" - }, - { - "name" : "http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html", - "refsource" : "MISC", - "url" : 
"http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html" - }, - { - "name" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr" - }, - { - "name" : "30823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30823" - }, - { - "name" : "49901", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49901" - }, - { - "name" : "intel-bios-smm-privilege-escalation(44676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html", + "refsource": "MISC", + "url": "http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html" + }, + { + "name": "http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html", + "refsource": "MISC", + "url": "http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html" + }, + { + "name": "30823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30823" + }, + { + "name": "http://invisiblethingslab.com/bh08/part2-full.pdf", + "refsource": "MISC", + "url": "http://invisiblethingslab.com/bh08/part2-full.pdf" + }, + { + "name": "intel-bios-smm-privilege-escalation(44676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44676" + }, + { + "name": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr", + "refsource": "CONFIRM", + "url": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr" + }, + { + "name": "49901", + "refsource": "OSVDB", + "url": "http://osvdb.org/49901" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2094.json b/2013/2xxx/CVE-2013-2094.json index 070e597cf44..7ba484dbafb 100644 --- a/2013/2xxx/CVE-2013-2094.json +++ b/2013/2xxx/CVE-2013-2094.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33589", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33589" - }, - { - "name" : "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing", - "refsource" : "MLIST", - "url" : "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html" - }, - { - "name" : "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing", - "refsource" : "MLIST", - "url" : "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html" - }, - { - "name" : "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing", - "refsource" : "MLIST", - "url" : "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html" - }, - { - "name" : 
"[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/14/6" - }, - { - "name" : "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue", - "refsource" : "MLIST", - "url" : "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html" - }, - { - "name" : "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update", - "refsource" : "MLIST", - "url" : "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html" - }, - { - "name" : "http://news.ycombinator.com/item?id=5703758", - "refsource" : "MISC", - "url" : "http://news.ycombinator.com/item?id=5703758" - }, - { - "name" : "http://packetstormsecurity.com/files/121616/semtex.c", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121616/semtex.c" - }, - { - "name" : "http://twitter.com/djrbliss/statuses/334301992648331267", - "refsource" : "MISC", - "url" : "http://twitter.com/djrbliss/statuses/334301992648331267" - }, - { - "name" : "http://www.reddit.com/r/netsec/comments/1eb9iw", - "refsource" : "MISC", - "url" : "http://www.reddit.com/r/netsec/comments/1eb9iw" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=962792", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=962792" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "RHSA-2013:0830", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0830.html" - }, - { - "name" : "SUSE-SU-2013:0819", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html" - }, - { - "name" : "openSUSE-SU-2013:0847", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html" - }, - { - "name" : "openSUSE-SU-2013:0925", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0951", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html" - }, - { - "name" : "openSUSE-SU-2013:1042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html" - }, - { - "name" : "USN-1825-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1825-1" - }, - { - "name" : "USN-1826-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1826-1" - }, - { - "name" : "USN-1827-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1827-1" - }, - { - "name" : "USN-1828-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1828-1" - }, - { - "name" : "USN-1836-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1836-1" - }, - { - "name" : "USN-1838-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1838-1" - }, - { - "name" : "93361", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/93361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0847", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing", + "refsource": "MLIST", + "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html" + }, + { + "name": "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing", + "refsource": "MLIST", + "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html" + }, + { + "name": "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update", + "refsource": "MLIST", + "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html" + }, + { + "name": "USN-1826-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1826-1" + }, + { + "name": "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing", + "refsource": "MLIST", + "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html" + }, + { + "name": "USN-1838-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1838-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=962792", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792" + }, + { + "name": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f", + 
"refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9" + }, + { + "name": "USN-1828-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1828-1" + }, + { + "name": "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue", + "refsource": "MLIST", + "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html" + }, + { + "name": "USN-1827-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1827-1" + }, + { + "name": "USN-1836-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1836-1" + }, + { + "name": "93361", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/93361" + }, + { + "name": "33589", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33589" + }, + { + "name": "RHSA-2013:0830", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html" + }, + { + "name": "http://news.ycombinator.com/item?id=5703758", + "refsource": "MISC", + "url": "http://news.ycombinator.com/item?id=5703758" + }, + { + "name": "[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/14/6" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f" + }, + { + "name": "SUSE-SU-2013:0819", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html" + }, + { + "name": "http://packetstormsecurity.com/files/121616/semtex.c", + "refsource": 
"MISC", + "url": "http://packetstormsecurity.com/files/121616/semtex.c" + }, + { + "name": "openSUSE-SU-2013:0925", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + }, + { + "name": "http://twitter.com/djrbliss/statuses/334301992648331267", + "refsource": "MISC", + "url": "http://twitter.com/djrbliss/statuses/334301992648331267" + }, + { + "name": "http://www.reddit.com/r/netsec/comments/1eb9iw", + "refsource": "MISC", + "url": "http://www.reddit.com/r/netsec/comments/1eb9iw" + }, + { + "name": "openSUSE-SU-2013:1042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html" + }, + { + "name": "USN-1825-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1825-1" + }, + { + "name": "openSUSE-SU-2013:0951", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2408.json b/2013/2xxx/CVE-2013-2408.json index 657f99344a3..6e9f5840a2c 100644 --- a/2013/2xxx/CVE-2013-2408.json +++ b/2013/2xxx/CVE-2013-2408.json 
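Review bot: The only value that changes in the CVE-2013-2094 hunk is `"ASSIGNER": "secalert@redhat.com"` (previously `cve@mitre.org`), and it is buried in a whole-file rewrite that also respaces every key and moves the `reference_data` entries into a different, apparently unsorted order. Anyone who diffs or hashes these records, or who attributes a record by its assigner, cannot easily separate the attribution change from formatting churn. Splitting the ASSIGNER update from the reformat and keeping `reference_data` in its previous order would make the change reviewable. The new side also ends with `\ No newline at end of file`, so the closing `}` should be followed by a newline. The ASSIGNER change is mixed into the same reformat in the CVE-2013-2408, CVE-2013-2461 and CVE-2013-2822 hunks, and every complete hunk here drops the trailing newline.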
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect 
integrity via vectors related to PIA Core Technology and use of Internet Explorer 6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2461.json b/2013/2xxx/CVE-2013-2461.json index d721eab9c7f..902b417b89d 100644 --- a/2013/2xxx/CVE-2013-2461.json +++ b/2013/2xxx/CVE-2013-2461.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a \"Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : 
"20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975126", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975126" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2013-0185.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2013-0185.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : 
"HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "MDVSA-2013:183", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60645" - }, - { - "name" : "oval:org.mitre.oval:def:16887", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16887" - }, - { - "name" : "oval:org.mitre.oval:def:19565", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19565" - }, - { - "name" : "oval:org.mitre.oval:def:19582", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19582" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a \"Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "oval:org.mitre.oval:def:16887", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16887" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "oval:org.mitre.oval:def:19582", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19582" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:19565", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19565" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "http://advisories.mageia.org/MGASA-2013-0185.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2013-0185.html" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "60645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60645" + }, + { + "name": "MDVSA-2013:183", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975126", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975126" + } + ] 
+ } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2559.json b/2013/2xxx/CVE-2013-2559.json index 0cc7181125a..fe2b2ee08bc 100644 --- a/2013/2xxx/CVE-2013-2559.json +++ b/2013/2xxx/CVE-2013-2559.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130403 SQL Injection Vulnerability in Symphony", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23148", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23148" - }, - { - "name" : "http://www.getsymphony.com/download/releases/version/2.3.2", - "refsource" : "CONFIRM", - "url" : "http://www.getsymphony.com/download/releases/version/2.3.2" - }, - { - "name" : "https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468" - }, - { - "name" : "58843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58843" - }, - { - "name" : "symphony-sort-sql-injection(83227)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "symphony-sort-sql-injection(83227)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83227" + }, + { + "name": "20130403 SQL Injection Vulnerability in Symphony", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23148", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23148" + }, + { + "name": "58843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58843" + }, + { + "name": "https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468", + "refsource": "CONFIRM", + "url": "https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468" + }, + { + "name": "http://www.getsymphony.com/download/releases/version/2.3.2", + "refsource": "CONFIRM", + "url": "http://www.getsymphony.com/download/releases/version/2.3.2" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/2xxx/CVE-2013-2822.json b/2013/2xxx/CVE-2013-2822.json index 69fc13538d4..7d7e07a8c3b 100644 --- a/2013/2xxx/CVE-2013-2822.json +++ b/2013/2xxx/CVE-2013-2822.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically proximate attackers to cause a denial of service (driver crash and process restart) via crafted input over a serial line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically proximate attackers to cause a denial of service (driver crash and process restart) via 
crafted input over a serial line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2993.json b/2013/2xxx/CVE-2013-2993.json index 1022c1c18dd..8401236ceda 100644 --- a/2013/2xxx/CVE-2013-2993.json +++ b/2013/2xxx/CVE-2013-2993.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-2993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644391", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644391" - }, - { - "name" : "JR45302", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302" - }, - { - "name" : "websphere-commerce-cve20132993-auth(84031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Commerce 6.x through 6.0.0.11 and 
7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR45302", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644391", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644391" + }, + { + "name": "websphere-commerce-cve20132993-auth(84031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84031" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6118.json b/2013/6xxx/CVE-2013-6118.json index b59e4a4a885..714d0b5a6bf 100644 --- a/2013/6xxx/CVE-2013-6118.json +++ b/2013/6xxx/CVE-2013-6118.json 
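Review bot: The `reference_data` array in this CVE-2013-2993 hunk holds the same three entries as before, only in a different order, and the new order follows no key that is consistent across the diff. Here the entries happen to land in `refsource` order (AIXAPAR, CONFIRM, XF), but the CVE-2013-6316 hunk ends up as BID, XF, OSVDB, CONFIRM, AIXAPAR. Reordering without a content change makes real reference additions or removals hard to spot in review, and it will churn again on the next export unless the writer is deterministic. I would emit the entries sorted by `refsource` and then `name`, or keep the existing order. The CVE-2013-6466, CVE-2013-7431, CVE-2017-10111, CVE-2017-10830 and CVE-2017-14010 hunks shuffle their references the same way.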
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6118", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6118", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6316.json b/2013/6xxx/CVE-2013-6316.json index bdaeabc4ba0..584a6575dd8 100644 --- a/2013/6xxx/CVE-2013-6316.json +++ b/2013/6xxx/CVE-2013-6316.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660011", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660011" - }, - { - "name" : "PI04897", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897" - }, - { - "name" : "64492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64492" - }, - { - "name" : "101270", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101270" - }, - { - "name" : "ibm-wsportal-cve20136316-taxonomy(88597)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/88597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64492" + }, + { + "name": "ibm-wsportal-cve20136316-taxonomy(88597)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88597" + }, + { + "name": "101270", + "refsource": "OSVDB", + "url": "http://osvdb.org/101270" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011" + }, + { + "name": "PI04897", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6466.json b/2013/6xxx/CVE-2013-6466.json index afc35124b34..9456bf71c86 100644 --- a/2013/6xxx/CVE-2013-6466.json +++ b/2013/6xxx/CVE-2013-6466.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt", - "refsource" : "MISC", - "url" : "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt" - }, - { - "name" : "https://cert.vde.com/en-us/advisories/vde-2017-001", - "refsource" : "CONFIRM", - "url" : "https://cert.vde.com/en-us/advisories/vde-2017-001" - }, - { - "name" : "DSA-2893", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2893" - }, - { - "name" : "RHSA-2014:0185", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0185.html" - }, - { - "name" : "65155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65155" - }, - { - "name" : "openswan-cve20136466-dos(90524)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt", + "refsource": "MISC", + "url": "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt" + }, + { + "name": "65155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65155" + }, + { + "name": "https://cert.vde.com/en-us/advisories/vde-2017-001", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2017-001" + }, + { + "name": "RHSA-2014:0185", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0185.html" + }, + { + "name": "DSA-2893", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2893" + }, + { + "name": "openswan-cve20136466-dos(90524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90524" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7431.json b/2013/7xxx/CVE-2013-7431.json index bc4426b6ee1..866052b991c 100644 --- a/2013/7xxx/CVE-2013-7431.json +++ b/2013/7xxx/CVE-2013-7431.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150226 Re: CVE request: Joomla Google Maps Plugin", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/26/11" - }, - { - "name" : "http://securityvulns.ru/docs29645.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/docs29645.html" - }, - { - "name" : "http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html", - "refsource" : "CONFIRM", - "url" : "http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html", + "refsource": "CONFIRM", + "url": "http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html" + }, + { + "name": "http://securityvulns.ru/docs29645.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/docs29645.html" + }, + { + "name": "[oss-security] 20150226 Re: CVE request: Joomla Google Maps Plugin", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/26/11" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10111.json b/2017/10xxx/CVE-2017-10111.json index 14d6192d5cc..8e113593f5a 100644 --- a/2017/10xxx/CVE-2017-10111.json +++ b/2017/10xxx/CVE-2017-10111.json 
@@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 8u131; Java SE Embedded: 8u131" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 8u131; Java SE Embedded: 8u131" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170720-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170720-0001/" - }, - { - "name" : "DSA-3919", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3919" - }, - { - "name" : "GLSA-201709-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-22" - }, - { - "name" : "RHSA-2017:1789", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1789" - }, - { - "name" : "RHSA-2017:1790", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1790" - }, - { - "name" : "99707", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/99707" - }, - { - "name" : "1038931", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1790", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1790" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" + }, + { + "name": "RHSA-2017:1789", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1789" + }, + { + "name": "1038931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038931" + }, + { + "name": "GLSA-201709-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-22" + }, + { + "name": "99707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99707" + }, + { + "name": "DSA-3919", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3919" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10658.json b/2017/10xxx/CVE-2017-10658.json index cae84071a31..deb905a56e7 100644 --- a/2017/10xxx/CVE-2017-10658.json +++ b/2017/10xxx/CVE-2017-10658.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10658", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-10658", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10830.json b/2017/10xxx/CVE-2017-10830.json index ec10284f1ca..73495381242 100644 --- a/2017/10xxx/CVE-2017-10830.json +++ b/2017/10xxx/CVE-2017-10830.json 
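Review bot: The new side of this CVE-2017-10658 record is serialized in a different key order from every other file in the diff. It starts with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, whereas the other records, including the RESERVED ones for CVE-2013-6118 and CVE-2017-14234, keep `"CVE_data_meta": {` first with `"ASSIGNER"`, `"ID"`, `"STATE"` in that order. Key order carries no meaning in JSON, but it suggests this file went through a different writer than the rest, and the mixed layouts make later diffs noisier. I would re-emit it with the same sorted-key serializer as the others so the hunk reduces to the whitespace change.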
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Setup Tool", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Setup Tool", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://f-security.jp/v6/support/information/100161.html", - "refsource" : "MISC", - "url" : "http://f-security.jp/v6/support/information/100161.html" - }, - { - "name" : "JVN#36303528", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN36303528/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an 
unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#36303528", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN36303528/index.html" + }, + { + "name": "http://f-security.jp/v6/support/information/100161.html", + "refsource": "MISC", + "url": "http://f-security.jp/v6/support/information/100161.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14010.json b/2017/14xxx/CVE-2017-14010.json index b51b56ba91c..9fa809b7988 100644 --- a/2017/14xxx/CVE-2017-14010.json +++ b/2017/14xxx/CVE-2017-14010.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2017-10-19T00:00:00", - "ID" : "CVE-2017-14010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MicroBrowser", - "version" : { - "version_data" : [ - { - "version_value" : "MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "SpiderControl" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UNCONTROLLED SEARCH PATH ELEMENT CWE-427" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2017-10-19T00:00:00", + "ID": "CVE-2017-14010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MicroBrowser", + "version": { + "version_data": [ + { + "version_value": "MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior." 
+ } + ] + } + } + ] + }, + "vendor_name": "SpiderControl" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://spidercontrol.net/download/downloadarea/?lang=en", - "refsource" : "MISC", - "url" : "http://spidercontrol.net/download/downloadarea/?lang=en" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01" - }, - { - "name" : "101505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01" + }, + { + "name": "http://spidercontrol.net/download/downloadarea/?lang=en", + "refsource": "MISC", + "url": "http://spidercontrol.net/download/downloadarea/?lang=en" + }, + { + "name": "101505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101505" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14234.json b/2017/14xxx/CVE-2017-14234.json index 8d77953dace..2a0ff25d4f0 100644 --- a/2017/14xxx/CVE-2017-14234.json +++ b/2017/14xxx/CVE-2017-14234.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14234", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14234", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14532.json b/2017/14xxx/CVE-2017-14532.json index 560cfed7fd9..ec5e78c1a55 100644 --- a/2017/14xxx/CVE-2017-14532.json +++ b/2017/14xxx/CVE-2017-14532.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14532",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14532",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/issues/719",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/719"
- },
- {
- "name" : "USN-3681-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3681-1/"
- },
- {
- "name" : "100883",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100883"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/719",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/719"
+ },
+ {
+ "name": "USN-3681-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3681-1/"
+ },
+ {
+ "name": "100883",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100883"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14634.json b/2017/14xxx/CVE-2017-14634.json
index ec3f68e0872..74d3deddbf3 100644
--- a/2017/14xxx/CVE-2017-14634.json
+++ b/2017/14xxx/CVE-2017-14634.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14634",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14634",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
- },
- {
- "name" : "https://github.com/erikd/libsndfile/issues/318",
- "refsource" : "MISC",
- "url" : "https://github.com/erikd/libsndfile/issues/318"
- },
- {
- "name" : "GLSA-201811-23",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201811-23"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/erikd/libsndfile/issues/318",
+ "refsource": "MISC",
+ "url": "https://github.com/erikd/libsndfile/issues/318"
+ },
+ {
+ "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
+ },
+ {
+ "name": "GLSA-201811-23",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201811-23"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14889.json b/2017/14xxx/CVE-2017-14889.json
index 73f42803923..fffee9a3566 100644
--- a/2017/14xxx/CVE-2017-14889.json
+++ b/2017/14xxx/CVE-2017-14889.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@qualcomm.com",
- "DATE_PUBLIC" : "2018-03-05T00:00:00",
- "ID" : "CVE-2017-14889",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "DATE_PUBLIC": "2018-03-05T00:00:00",
+ "ID": "CVE-2017-14889",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755",
- "refsource" : "MISC",
- "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755"
- },
- {
- "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755",
+ "refsource": "MISC",
+ "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755"
+ },
+ {
+ "name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15214.json b/2017/15xxx/CVE-2017-15214.json
index b3150ad6cac..11711c8dacc 100644
--- a/2017/15xxx/CVE-2017-15214.json
+++ b/2017/15xxx/CVE-2017-15214.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15214",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15214",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://openwall.com/lists/oss-security/2017/10/07/1",
- "refsource" : "MISC",
- "url" : "http://openwall.com/lists/oss-security/2017/10/07/1"
- },
- {
- "name" : "https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc",
- "refsource" : "MISC",
- "url" : "https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc"
- },
- {
- "name" : "https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6",
- "refsource" : "MISC",
- "url" : "https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6",
+ "refsource": "MISC",
+ "url": "https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6"
+ },
+ {
+ "name": "http://openwall.com/lists/oss-security/2017/10/07/1",
+ "refsource": "MISC",
+ "url": "http://openwall.com/lists/oss-security/2017/10/07/1"
+ },
+ {
+ "name": "https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc",
+ "refsource": "MISC",
+ "url": "https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15220.json b/2017/15xxx/CVE-2017-15220.json
index f8656663e19..890880dc78c 100644
--- a/2017/15xxx/CVE-2017-15220.json
+++ b/2017/15xxx/CVE-2017-15220.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15220",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15220",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "42973",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/42973/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "42973",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/42973/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15248.json b/2017/15xxx/CVE-2017-15248.json
index 3b230107a3c..17824a8411d 100644
--- a/2017/15xxx/CVE-2017-15248.json
+++ b/2017/15xxx/CVE-2017-15248.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15248",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15248",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15248",
- "refsource" : "MISC",
- "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15248"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15248",
+ "refsource": "MISC",
+ "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15248"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15673.json b/2017/15xxx/CVE-2017-15673.json
index 423e6eb987a..ef5065f72a3 100644
--- a/2017/15xxx/CVE-2017-15673.json
+++ b/2017/15xxx/CVE-2017-15673.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15673",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15673",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15734.json b/2017/15xxx/CVE-2017-15734.json
index 1804e009a3c..c92bf5fee83 100644
--- a/2017/15xxx/CVE-2017-15734.json
+++ b/2017/15xxx/CVE-2017-15734.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15734",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15734",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9523.json b/2017/9xxx/CVE-2017-9523.json
index a7cd26ecc76..81bf4b8d699 100644
--- a/2017/9xxx/CVE-2017-9523.json
+++ b/2017/9xxx/CVE-2017-9523.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9523",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9523",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html",
- "refsource" : "CONFIRM",
- "url" : "http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html"
- },
- {
- "name" : "99016",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99016"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html",
+ "refsource": "CONFIRM",
+ "url": "http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html"
+ },
+ {
+ "name": "99016",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99016"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9682.json b/2017/9xxx/CVE-2017-9682.json
index 69baead9a35..baa7b9d25e2 100644
--- a/2017/9xxx/CVE-2017-9682.json
+++ b/2017/9xxx/CVE-2017-9682.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@qualcomm.com",
- "DATE_PUBLIC" : "2017-06-01T00:00:00",
- "ID" : "CVE-2017-9682",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "All Qualcomm products",
- "version" : {
- "version_data" : [
- {
- "version_value" : "All Android releases from CAF using the Linux kernel"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Qualcomm, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Use After Free in Graphics"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "DATE_PUBLIC": "2017-06-01T00:00:00",
+ "ID": "CVE-2017-9682",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "All Qualcomm products",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All Android releases from CAF using the Linux kernel"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/2017-06-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2017-06-01"
- },
- {
- "name" : "100213",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100213"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free in Graphics"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.android.com/security/bulletin/2017-06-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2017-06-01"
+ },
+ {
+ "name": "100213",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100213"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0271.json b/2018/0xxx/CVE-2018-0271.json
index c5f7b4422a2..1b81ec3628b 100644
--- a/2018/0xxx/CVE-2018-0271.json
+++ b/2018/0xxx/CVE-2018-0271.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2018-0271",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco Digital Network Architecture Center",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco Digital Network Architecture Center"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-287"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2018-0271",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Digital Network Architecture Center",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco Digital Network Architecture Center"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2"
- },
- {
- "name" : "104191",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104191"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "104191",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104191"
+ },
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0425.json b/2018/0xxx/CVE-2018-0425.json
index b42fd6c4992..61b8a11a4b8 100644
--- a/2018/0xxx/CVE-2018-0425.json
+++ b/2018/0xxx/CVE-2018-0425.json
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-05T16:00:00-0500", - "ID" : "CVE-2018-0425", - "STATE" : "PUBLIC", - "TITLE" : "Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco RV130W Wireless-N Multifunction VPN Router Firmware ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "7.5", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-05T16:00:00-0500", + "ID": "CVE-2018-0425", + "STATE": "PUBLIC", + "TITLE": "Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco RV130W Wireless-N Multifunction VPN Router Firmware ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180905 Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure" - }, - { - "name" : "1041676", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041676" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180905-rv-routers-disclosure", - "defect" : [ - [ - "CSCvj23227", - "CSCvj42744", - "CSCvj42746" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. 
An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180905 Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure" + }, + { + "name": "1041676", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041676" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180905-rv-routers-disclosure", + "defect": [ + [ + "CSCvj23227", + "CSCvj42744", + "CSCvj42746" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0481.json b/2018/0xxx/CVE-2018-0481.json index 374f55bc3e1..f93c1848684 100644 --- a/2018/0xxx/CVE-2018-0481.json +++ b/2018/0xxx/CVE-2018-0481.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-26T16:00:00-0500", - "ID" : "CVE-2018-0481", - "STATE" : "PUBLIC", - "TITLE" : "Cisco IOS XE Software Command Injection Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE Software", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "6.7", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-26T16:00:00-0500", + "ID": "CVE-2018-0481", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Command Injection Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180926 Cisco IOS XE Software Command Injection Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj" - }, - { - "name" : "1041737", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041737" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180926-iosxe-cmdinj", - "defect" : [ - [ - "CSCvh02919", - "CSCvh54202" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. 
A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.7", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180926 Cisco IOS XE Software Command Injection Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj" + }, + { + "name": "1041737", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041737" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180926-iosxe-cmdinj", + "defect": [ + [ + "CSCvh02919", + "CSCvh54202" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0523.json b/2018/0xxx/CVE-2018-0523.json index 314d3881ba6..e08090907bb 100644 --- a/2018/0xxx/CVE-2018-0523.json +++ b/2018/0xxx/CVE-2018-0523.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WXR-1900DHP2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware Ver.2.48 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "BUFFALO INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WXR-1900DHP2", + "version": { + "version_data": [ + { + "version_value": "firmware Ver.2.48 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "BUFFALO INC." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://buffalo.jp/support_s/s20180223.html", - "refsource" : "CONFIRM", - "url" : "http://buffalo.jp/support_s/s20180223.html" - }, - { - "name" : "JVN#97144273", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN97144273/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://buffalo.jp/support_s/s20180223.html", + "refsource": "CONFIRM", + "url": "http://buffalo.jp/support_s/s20180223.html" + }, + { + "name": "JVN#97144273", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN97144273/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0687.json b/2018/0xxx/CVE-2018-0687.json index c12b1a1209f..59004f1df09 100755 --- a/2018/0xxx/CVE-2018-0687.json +++ b/2018/0xxx/CVE-2018-0687.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)", - "version" : { - "version_data" : [ - { - "version_value" : "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NEOJAPAN Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)", + "version": { + "version_data": [ + { + "version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEOJAPAN Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.denbun.com/en/imap/support/security/181003.html", - "refsource" : "MISC", - "url" : "https://www.denbun.com/en/imap/support/security/181003.html" - }, - { - "name" : "https://www.denbun.com/en/pop/support/security/181003.html", - "refsource" : "MISC", - "url" : "https://www.denbun.com/en/pop/support/security/181003.html" - }, - { - "name" : "JVN#00344155", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN00344155/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.denbun.com/en/pop/support/security/181003.html", + "refsource": "MISC", + "url": "https://www.denbun.com/en/pop/support/security/181003.html" + }, + { + "name": "JVN#00344155", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN00344155/index.html" + }, + { + "name": "https://www.denbun.com/en/imap/support/security/181003.html", + "refsource": "MISC", + "url": "https://www.denbun.com/en/imap/support/security/181003.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0902.json b/2018/0xxx/CVE-2018-0902.json index bddff708e33..4a3d4688664 100644 --- a/2018/0xxx/CVE-2018-0902.json +++ b/2018/0xxx/CVE-2018-0902.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cryptography Next Generation (CNG) kernel-mode driver (cng.sys)", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka \"Windows Security Feature Bypass Vulnerability\". This CVE is unique from CVE-2018-0884." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cryptography Next Generation (CNG) kernel-mode driver (cng.sys)", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Gold, 1511, 1607, 1703, and 1709. 
Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902" - }, - { - "name" : "103266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103266" - }, - { - "name" : "1040520", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka \"Windows Security Feature Bypass Vulnerability\". This CVE is unique from CVE-2018-0884." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902" + }, + { + "name": "103266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103266" + }, + { + "name": "1040520", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040520" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000151.json b/2018/1000xxx/CVE-2018-1000151.json index 8a21da7352b..db7e9f439a3 100644 
--- a/2018/1000xxx/CVE-2018-1000151.json +++ b/2018/1000xxx/CVE-2018-1000151.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-05", - "ID" : "CVE-2018-1000151", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins vSphere Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.16 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-05", + "ID": "CVE-2018-1000151", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16100.json b/2018/16xxx/CVE-2018-16100.json index 169ff14bad6..86560f78b76 100644 --- a/2018/16xxx/CVE-2018-16100.json +++ b/2018/16xxx/CVE-2018-16100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16100", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-16100", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16115.json b/2018/16xxx/CVE-2018-16115.json index 53b382c3db7..0a5673cd007 100644 --- a/2018/16xxx/CVE-2018-16115.json +++ b/2018/16xxx/CVE-2018-16115.json 
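Review bot: The CVE-2018-1000151 hunk is not a whitespace-only reformat like its neighbours: the new side replaces `product_name` ("Jenkins vSphere Plugin"), `version_value` ("2.16 and older"), `vendor_name` ("Jenkins project") and the `problemtype` value `CWE-295` with `"n/a"`, and changes `ASSIGNER` from `kurt@seifried.org` to `cve@mitre.org`. The free-text description is unchanged, so the product, affected versions and weakness class now survive only as prose. Tooling that matches advisories on the `affects` fields or groups them by CWE can no longer tie this record to the plugin or to improper certificate validation. If the reset is not intentional, keep the prior values, e.g. `"product_name": "Jenkins vSphere Plugin"`, `"version_value": "2.16 and older"` and `"value": "CWE-295"` (and the vendor name likewise); if it is intentional, the commit message should say why the structured data was dropped.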
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html", - "refsource" : "MISC", - "url" : "https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html", + "refsource": "MISC", + "url": "https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16455.json b/2018/16xxx/CVE-2018-16455.json index efe8cbe5dd2..a183d672d30 100644 --- a/2018/16xxx/CVE-2018-16455.json +++ b/2018/16xxx/CVE-2018-16455.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://googlequeens.com/2018/09/04/cve-2018-16455-market-place-script-1-0-1-stored-xss-via-search-by-keyword/", - "refsource" : "MISC", - "url" : "https://googlequeens.com/2018/09/04/cve-2018-16455-market-place-script-1-0-1-stored-xss-via-search-by-keyword/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://googlequeens.com/2018/09/04/cve-2018-16455-market-place-script-1-0-1-stored-xss-via-search-by-keyword/", + "refsource": "MISC", + "url": "https://googlequeens.com/2018/09/04/cve-2018-16455-market-place-script-1-0-1-stored-xss-via-search-by-keyword/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16509.json b/2018/16xxx/CVE-2018-16509.json index e18895a7301..3f92b9f49de 100644 --- a/2018/16xxx/CVE-2018-16509.json +++ b/2018/16xxx/CVE-2018-16509.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Artifex Ghostscript before 9.24. Incorrect \"restoration of privilege\" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45369", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45369/" - }, - { - "name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5" - }, - { - "name" : 
"http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31" - }, - { - "name" : "http://seclists.org/oss-sec/2018/q3/142", - "refsource" : "MISC", - "url" : "http://seclists.org/oss-sec/2018/q3/142" - }, - { - "name" : "https://www.artifex.com/news/ghostscript-security-resolved/", - "refsource" : "MISC", - "url" : "https://www.artifex.com/news/ghostscript-security-resolved/" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699654", - "refsource" : "MISC", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699654" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764" - }, - { - "name" : "DSA-4294", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4294" - }, - { - "name" : "GLSA-201811-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-12" - }, - { - "name" : "RHSA-2018:2918", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2918" - }, - { - "name" : "RHSA-2018:3760", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3760" - }, - { - "name" : "USN-3768-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3768-1/" - }, - { - "name" : "105122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Artifex Ghostscript before 9.24. Incorrect \"restoration of privilege\" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5", + "refsource": "MISC", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5" + }, + { + "name": "45369", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45369/" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=699654", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699654" + }, + { + "name": "RHSA-2018:2918", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2918" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31", + "refsource": "MISC", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31" + }, + { + "name": "GLSA-201811-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-12" + }, + { + "name": "USN-3768-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3768-1/" + }, + { + "name": "https://www.artifex.com/news/ghostscript-security-resolved/", + "refsource": "MISC", + "url": "https://www.artifex.com/news/ghostscript-security-resolved/" + }, + { + "name": "RHSA-2018:3760", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3760" + }, + { + "name": "http://seclists.org/oss-sec/2018/q3/142", + "refsource": 
"MISC", + "url": "http://seclists.org/oss-sec/2018/q3/142" + }, + { + "name": "DSA-4294", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4294" + }, + { + "name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html" + }, + { + "name": "105122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105122" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156", + "refsource": "MISC", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19912.json b/2018/19xxx/CVE-2018-19912.json index 4c45932a276..620f1e71f7b 100644 --- a/2018/19xxx/CVE-2018-19912.json +++ b/2018/19xxx/CVE-2018-19912.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19912", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19912", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4795.json b/2018/4xxx/CVE-2018-4795.json index e9c6428f046..ff93f83f9e9 100644 --- a/2018/4xxx/CVE-2018-4795.json +++ b/2018/4xxx/CVE-2018-4795.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4795", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4795", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4868.json b/2018/4xxx/CVE-2018-4868.json index 63405f09eb5..991ce49b0d3 100644 --- a/2018/4xxx/CVE-2018-4868.json +++ b/2018/4xxx/CVE-2018-4868.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Exiv2/exiv2/issues/202", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/issues/202" - }, - { - "name" : "102477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Exiv2/exiv2/issues/202", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/issues/202" + }, + { + "name": "102477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102477" + } + ] + } +} \ No newline at end of file diff --git a/2018/558xxx/CVE-2018-558213.json b/2018/558xxx/CVE-2018-558213.json index 539225234c7..1d14230f76b 100644 --- a/2018/558xxx/CVE-2018-558213.json +++ b/2018/558xxx/CVE-2018-558213.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-558213", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15727. Reason: This candidate is a reservation duplicate of CVE-2018-15727. Notes: All CVE users should reference CVE-2018-15727 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-558213", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15727. Reason: This candidate is a reservation duplicate of CVE-2018-15727. Notes: All CVE users should reference CVE-2018-15727 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file
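Review bot: The new side of the CVE-2018-558213.json hunk writes the top-level keys as `"data_type"`, `"data_format"`, `"data_version"`, `"CVE_data_meta"` and puts `"ID"` before `"ASSIGNER"`, whereas every other record reformatted on this page keeps `"CVE_data_meta"` first (with `"ASSIGNER"`, `"ID"`, `"STATE"`) followed by `"data_format"`, `"data_type"`, `"data_version"`. Key order carries no meaning in JSON, but two serialisations in one normalisation pass suggest this file was written by a different tool, and they make later diffs of the record noisy; emitting it in the same order as the others (or with sorted keys everywhere) would keep the set uniform. Anything downstream that hashes or byte-compares these records should canonicalise them first rather than depend on the serialised order. This hunk, like the others on the page, also ends with `\ No newline at end of file`; keeping the final newline is the usual convention for tracked files.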