diff --git a/2008/0xxx/CVE-2008-0789.json b/2008/0xxx/CVE-2008-0789.json index f6bc68e9a49..4c3d9105be2 100644 --- a/2008/0xxx/CVE-2008-0789.json +++ b/2008/0xxx/CVE-2008-0789.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 LI-countdown SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488017/100/0/threaded" - }, - { - "name" : "27753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27753" - }, - { - "name" : "3655", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080212 LI-countdown SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488017/100/0/threaded" + }, + { + "name": "27753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27753" + }, + { + "name": "3655", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3655" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1298.json b/2008/1xxx/CVE-2008-1298.json index fad4f133fa6..717a74fb3b3 100644 --- a/2008/1xxx/CVE-2008-1298.json +++ b/2008/1xxx/CVE-2008-1298.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080308 PHP-Nuke SQL injection Module \"Hadith\" [cat]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489323/100/0/threaded" - }, - { - "name" : "http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3078", - "refsource" : "MISC", - "url" : "http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3078" - }, - { - "name" : "28171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28171" - }, - { - "name" : "29322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29322" - }, - { - "name" : "3730", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3730" - }, - { - "name" : "hadith-cat-sql-injection(41092)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080308 PHP-Nuke SQL injection Module \"Hadith\" [cat]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489323/100/0/threaded" + }, + { + "name": "hadith-cat-sql-injection(41092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41092" + }, + { + "name": "28171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28171" + }, + { + "name": "3730", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3730" + }, + { + "name": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3078", + "refsource": "MISC", + "url": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3078" + }, + { + "name": "29322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29322" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1533.json b/2008/1xxx/CVE-2008-1533.json index d0bc11392bc..d2bbee718ed 100644 --- a/2008/1xxx/CVE-2008-1533.json +++ b/2008/1xxx/CVE-2008-1533.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/4560/1/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/4560/1/" - }, - { - "name" : "27719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27719" - }, - { - "name" : "28861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28861" - }, - { - "name" : "joomla-xmlrpc-data-manipulation(41563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "joomla-xmlrpc-data-manipulation(41563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41563" + }, + { + "name": "28861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28861" + }, + { + "name": "27719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27719" + }, + { + "name": "http://www.joomla.org/content/view/4560/1/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/4560/1/" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1651.json b/2008/1xxx/CVE-2008-1651.json index f7a924ad3ec..542b0cd3584 100644 --- a/2008/1xxx/CVE-2008-1651.json +++ b/2008/1xxx/CVE-2008-1651.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490338/100/0/threaded" - }, - { - "name" : "5333", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5333" - }, - { - "name" : "28542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28542" - }, - { - "name" : "29624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29624" - }, - { - "name" : "3793", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3793" - }, - { - "name" : "easynews-login-file-include(41589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5333", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5333" + }, + { + "name": "28542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28542" + }, + { + "name": "29624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29624" + }, + { + "name": "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490338/100/0/threaded" + }, + { + "name": "easynews-login-file-include(41589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41589" + }, + { + "name": "3793", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3793" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1768.json b/2008/1xxx/CVE-2008-1768.json index b560f15474b..0af881bcc14 100644 --- a/2008/1xxx/CVE-2008-1768.json +++ b/2008/1xxx/CVE-2008-1768.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.videolan.org/developers/vlc/NEWS", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/developers/vlc/NEWS" - }, - { - "name" : "http://www.videolan.org/security/sa0803.php", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/security/sa0803.php" - }, - { - "name" : "http://wiki.videolan.org/Changelog/0.8.6f", - "refsource" : "CONFIRM", - "url" : "http://wiki.videolan.org/Changelog/0.8.6f" - }, - { - "name" : "GLSA-200804-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-25.xml" - }, - { - "name" : "28903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28903" - }, - { - "name" : "oval:org.mitre.oval:def:14412", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412" - }, - { - "name" : "29800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29800" - }, - { - "name" : "29503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29503" - }, - { - "name" : "ADV-2008-0985", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.videolan.org/security/sa0803.php", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/security/sa0803.php" + }, + { + "name": "28903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28903" + }, + { + "name": "http://www.videolan.org/developers/vlc/NEWS", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/developers/vlc/NEWS" + }, + { + "name": "GLSA-200804-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" + }, + { + "name": "http://wiki.videolan.org/Changelog/0.8.6f", + "refsource": "CONFIRM", + "url": "http://wiki.videolan.org/Changelog/0.8.6f" + }, + { + "name": "oval:org.mitre.oval:def:14412", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412" + }, + { + "name": "29800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29800" + }, + { + "name": "29503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29503" + }, + { + "name": "ADV-2008-0985", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0985" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3458.json b/2008/3xxx/CVE-2008-3458.json index 2f92f7542a7..43305b74c5a 100644 --- a/2008/3xxx/CVE-2008-3458.json +++ b/2008/3xxx/CVE-2008-3458.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811", - "refsource" : "MISC", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=567189", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=567189" - }, - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107", - "refsource" : "CONFIRM", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107" - }, - { - "name" : "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes", - "refsource" : "CONFIRM", - "url" : "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes" - }, - { - "name" : "27228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27228" - }, - { - "name" : "40218", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/40218" - }, - { - "name" : "28370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27228" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=567189", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=567189" + }, + { + "name": "40218", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/40218" + }, + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107", + "refsource": "CONFIRM", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107" + }, + { + "name": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes", + "refsource": "CONFIRM", + "url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes" + }, + { + "name": "28370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28370" + }, + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811", + "refsource": "MISC", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3830.json b/2008/3xxx/CVE-2008-3830.json index d3f26e7bcfd..17d0400d528 100644 --- a/2008/3xxx/CVE-2008-3830.json +++ b/2008/3xxx/CVE-2008-3830.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000", - "refsource" : "CONFIRM", - "url" : "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000" - }, - { - "name" : "FEDORA-2008-8733", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html" - }, - { - "name" : "RHSA-2008:0911", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0911.html" - }, - { - "name" : "RHSA-2008:0924", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0924.html" - }, - { - "name" : "31621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31621" - }, - { - "name" : "ADV-2008-2760", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2760" - }, - { - "name" : "1021002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021002" - }, - { - "name" : "32189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32189" - }, - { - "name" : "32193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32193" - }, - { - "name" : "32232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000", + "refsource": "CONFIRM", + "url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000" + }, + { + "name": "1021002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021002" + }, + { + "name": "RHSA-2008:0924", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html" + }, + { + "name": "32232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32232" + }, + { + "name": "32189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32189" + }, + { + "name": "31621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31621" + }, + { + "name": "FEDORA-2008-8733", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html" + }, + { + "name": "32193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32193" + }, + { + "name": "RHSA-2008:0911", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html" + }, + { + "name": "ADV-2008-2760", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2760" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3865.json b/2008/3xxx/CVE-2008-3865.json index 24eb590ce1f..de0084cc7ad 100644 --- a/2008/3xxx/CVE-2008-3865.json +++ b/2008/3xxx/CVE-2008-3865.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-3865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500195/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-42/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-42/" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt" - }, - { - "name" : "33358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33358" - }, - { - "name" : "ADV-2009-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0191" - }, - { - "name" : "1021614", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021614" - }, - { - "name" : "1021615", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021615" - }, - { - "name" : "31160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31160" - }, - { - "name" : "33609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33609" - }, - { - "name" : "4937", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4937" - }, - { - "name" : "tmpfw-apithread-bo(48107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021615", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021615" + }, + { + "name": "http://secunia.com/secunia_research/2008-42/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-42/" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt" + }, + { + "name": "tmpfw-apithread-bo(48107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107" + }, + { + "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded" + }, + { + "name": "33358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33358" + }, + { + "name": "ADV-2009-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0191" + }, + { + "name": "33609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33609" + }, + { + "name": "4937", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4937" + }, + { + "name": "31160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31160" + }, + { + "name": "1021614", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021614" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4175.json b/2008/4xxx/CVE-2008-4175.json index 846b855012b..1296a5b4937 100644 --- a/2008/4xxx/CVE-2008-4175.json +++ b/2008/4xxx/CVE-2008-4175.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6466", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6466" - }, - { - "name" : "31191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31191" - }, - { - "name" : "31853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31853" - }, - { - "name" : "4299", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4299" - }, - { - "name" : "linkbidscript-upgrade-sql-injection(45153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45153" - }, - { - "name" : "linkbidscript-edit-sql-injection(45155)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linkbidscript-upgrade-sql-injection(45153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45153" + }, + { + "name": "linkbidscript-edit-sql-injection(45155)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45155" + }, + { + "name": "6466", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6466" + }, + { + "name": "31853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31853" + }, + { + "name": "31191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31191" + }, + { + "name": "4299", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4299" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4300.json b/2008/4xxx/CVE-2008-4300.json index 1aa6f50642f..bfd55da7986 100644 --- a/2008/4xxx/CVE-2008-4300.json +++ b/2008/4xxx/CVE-2008-4300.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080924 Internet Information Service (adsiis.dll) activex remote DOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496696/100/0/threaded" - }, - { - "name" : "4325", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4325" - }, - { - "name" : "iis-adsiis-activex-dos(45584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080924 Internet Information Service (adsiis.dll) activex remote DOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496696/100/0/threaded" + }, + { + "name": "iis-adsiis-activex-dos(45584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45584" + }, + { + "name": "4325", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4325" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4557.json b/2008/4xxx/CVE-2008-4557.json index da1b7921aba..365b3bfc2f1 100644 --- a/2008/4xxx/CVE-2008-4557.json +++ b/2008/4xxx/CVE-2008-4557.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4851", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4851" - }, - { - "name" : "40236", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/40236" - }, - { - "name" : "28330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28330" - }, - { - "name" : "4403", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4403" - }, - { - "name" : "cutenews-html-code-execution(39450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40236", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/40236" + }, + { + "name": "4851", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4851" + }, + { + "name": "cutenews-html-code-execution(39450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39450" + }, + { + "name": "4403", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4403" + }, + { + "name": "28330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28330" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4825.json b/2008/4xxx/CVE-2008-4825.json index 49d18c0dd2e..c7ea06bd538 100644 --- a/2008/4xxx/CVE-2008-4825.json +++ b/2008/4xxx/CVE-2008-4825.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-4825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502323/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-49/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-49/" - }, - { - "name" : "http://www.ezbsystems.com/ultraiso/history.htm", - "refsource" : "MISC", - "url" : "http://www.ezbsystems.com/ultraiso/history.htm" - }, - { - "name" : "34325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34325" - }, - { - "name" : "1021964", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021964" - }, - { - "name" : "32415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32415" - }, - { - "name" : "ADV-2009-0903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32415" + }, + { + "name": "http://www.ezbsystems.com/ultraiso/history.htm", + "refsource": "MISC", + "url": "http://www.ezbsystems.com/ultraiso/history.htm" + }, + { + "name": "1021964", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021964" + }, + { + "name": "http://secunia.com/secunia_research/2008-49/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-49/" + }, + { + "name": "34325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34325" + }, + { + "name": "ADV-2009-0903", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0903" + }, + { + "name": "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2209.json b/2013/2xxx/CVE-2013-2209.json index 49014da05e8..ebf6f5a8ce4 100644 --- a/2013/2xxx/CVE-2013-2209.json +++ b/2013/2xxx/CVE-2013-2209.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/24/2" - }, - { - "name" : "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard", - "refsource" : "MISC", - "url" : "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard" - }, - { - "name" : "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/", - "refsource" : "CONFIRM", - "url" : "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/" - }, - { - "name" : "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/", - "refsource" : "CONFIRM", - "url" : "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/" - }, - { - "name" : "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/", - "refsource" : "CONFIRM", - "url" : "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=977423", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=977423" - }, - { - "name" : "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf", - "refsource" : "CONFIRM", - "url" : "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard", + "refsource": "MISC", + "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=977423", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423" + }, + { + "name": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/", + "refsource": "CONFIRM", + "url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/" + }, + { + "name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/24/2" + }, + { + "name": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf", + "refsource": "CONFIRM", + "url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf" + }, + { + "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/", + "refsource": "CONFIRM", + "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/" + }, + { + "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/", + "refsource": "CONFIRM", + "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2357.json b/2013/2xxx/CVE-2013-2357.json index 2b12e79d34e..2be4eff9128 100644 --- a/2013/2xxx/CVE-2013-2357.json +++ b/2013/2xxx/CVE-2013-2357.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02900", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "SSRT100907", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100907", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + }, + { + "name": "HPSBMU02900", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2607.json b/2013/2xxx/CVE-2013-2607.json index d8b5527f9fc..8348c46104f 100644 --- a/2013/2xxx/CVE-2013-2607.json +++ b/2013/2xxx/CVE-2013-2607.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2607", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2607", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2986.json b/2013/2xxx/CVE-2013-2986.json index 713577aaf40..90f90f3a261 100644 --- a/2013/2xxx/CVE-2013-2986.json +++ b/2013/2xxx/CVE-2013-2986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2986", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2986", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3312.json b/2013/3xxx/CVE-2013-3312.json index abaa5240ab4..eaf4bd18233 100644 --- a/2013/3xxx/CVE-2013-3312.json +++ b/2013/3xxx/CVE-2013-3312.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3312", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3312", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3709.json b/2013/3xxx/CVE-2013-3709.json index fe925623b12..2ce668399f3 100644 --- a/2013/3xxx/CVE-2013-3709.json +++ b/2013/3xxx/CVE-2013-3709.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=851116", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=851116" - }, - { - "name" : "SUSE-SU-2013:1894", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html" - }, - { - "name" : "openSUSE-SU-2013:1952", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2013:1954", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:1961", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html" - }, - { - "name" : "SUSE-SU-2014:0022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1961", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html" + }, + { + "name": "SUSE-SU-2014:0022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html" + }, + { + "name": "openSUSE-SU-2013:1952", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html" + }, + { + "name": "openSUSE-SU-2013:1954", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html" + }, + { + "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb" + }, + { + "name": "SUSE-SU-2013:1894", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=851116", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=851116" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3712.json b/2013/3xxx/CVE-2013-3712.json index 67a58288a56..986ef0899d1 100644 --- a/2013/3xxx/CVE-2013-3712.json +++ b/2013/3xxx/CVE-2013-3712.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses \"static\" secret tokens, which has unspecified impact and vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SU-2014:0254", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2014/suse-su-20140254-1.html" - }, - { - "name" : "57050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses \"static\" secret tokens, which has unspecified impact and vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2014:0254", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140254-1.html" + }, + { + "name": "57050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57050" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6198.json b/2013/6xxx/CVE-2013-6198.json index 6b33980ba51..3e56aadbce8 100644 --- a/2013/6xxx/CVE-2013-6198.json +++ b/2013/6xxx/CVE-2013-6198.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-6198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02959", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075" - }, - { - "name" : "SSRT101405", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075" - }, - { - "name" : "1029541", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029541" - }, - { - "name" : "hp-service-cve20136198-xss(89975)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101405", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075" + }, + { + "name": "hp-service-cve20136198-xss(89975)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89975" + }, + { + "name": "1029541", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029541" + }, + { + "name": "HPSBMU02959", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6420.json b/2013/6xxx/CVE-2013-6420.json index 0cdea3b4e41..11aa4852409 100644 --- a/2013/6xxx/CVE-2013-6420.json +++ b/2013/6xxx/CVE-2013-6420.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html", - "refsource" : "MISC", - "url" : "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1036830", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1036830" - }, - { - "name" : "http://support.apple.com/kb/HT6150", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6150" - }, - { - "name" : "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!", - "refsource" : "CONFIRM", - "url" : "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!" - }, - { - "name" : "DSA-2816", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2816" - }, - { - "name" : "HPSBMU03112", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" - }, - { - "name" : "SSRT101447", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" - }, - { - "name" : "RHSA-2013:1813", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1813.html" - }, - { - "name" : "RHSA-2013:1815", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1815.html" - }, - { - "name" : "RHSA-2013:1824", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1824.html" - }, - { - "name" : "RHSA-2013:1825", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1825.html" - }, - { - "name" : "RHSA-2013:1826", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1826.html" - }, - { - "name" : "openSUSE-SU-2013:1963", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" - }, - { - "name" : "openSUSE-SU-2013:1964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" - }, - { - "name" : "USN-2055-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2055-1" - }, - { - "name" : "64225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64225" - }, - { - "name" : "1029472", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029472" - }, - { - "name" : "59652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2816", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2816" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415" + }, + { + "name": "RHSA-2013:1824", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1824.html" + }, + { + "name": "HPSBMU03112", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" + }, + { + "name": "openSUSE-SU-2013:1964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html" + }, + { + "name": "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!", + "refsource": "CONFIRM", + "url": "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!" + }, + { + "name": "59652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59652" + }, + { + "name": "64225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64225" + }, + { + "name": "RHSA-2013:1826", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1826.html" + }, + { + "name": "http://support.apple.com/kb/HT6150", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6150" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "RHSA-2013:1815", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1815.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1036830", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036830" + }, + { + "name": "openSUSE-SU-2013:1963", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html" + }, + { + "name": "RHSA-2013:1813", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1813.html" + }, + { + "name": "1029472", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029472" + }, + { + "name": "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html", + "refsource": "MISC", + "url": "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html" + }, + { + "name": "SSRT101447", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322" + }, + { + "name": "RHSA-2013:1825", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1825.html" + }, + { + "name": "USN-2055-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2055-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6704.json b/2013/6xxx/CVE-2013-6704.json index e2fd60df83e..7bbfdfc58ca 100644 --- a/2013/6xxx/CVE-2013-6704.json +++ b/2013/6xxx/CVE-2013-6704.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131203 Cisco IOS XE Software TFTP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6704" - }, - { - "name" : "1029424", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029424", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029424" + }, + { + "name": "20131203 Cisco IOS XE Software TFTP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6704" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6758.json b/2013/6xxx/CVE-2013-6758.json index ee1734aed93..c0213caa30e 100644 --- a/2013/6xxx/CVE-2013-6758.json +++ b/2013/6xxx/CVE-2013-6758.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6758", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6758", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6825.json b/2013/6xxx/CVE-2013-6825.json index 830d1004384..c13abcb9417 100644 --- a/2013/6xxx/CVE-2013-6825.json +++ b/2013/6xxx/CVE-2013-6825.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140602 CVE-2013-6825 DCMTK Root Privilege escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532261/100/0/threaded" - }, - { - "name" : "20140604 CVE-2013-6825 DCMTK Root Privilege escalation", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/11" - }, - { - "name" : "http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html" - }, - { - "name" : "http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361", - "refsource" : "CONFIRM", - "url" : "http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361" - }, - { - "name" : "67784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67784" - }, - { - "name" : "58916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140602 CVE-2013-6825 DCMTK Root Privilege escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532261/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html" + }, + { + "name": "58916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58916" + }, + { + "name": "http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361", + "refsource": "CONFIRM", + "url": "http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361" + }, + { + "name": "67784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67784" + }, + { + "name": "20140604 CVE-2013-6825 DCMTK Root Privilege escalation", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/11" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7006.json b/2013/7xxx/CVE-2013-7006.json index c26276688b2..ba656b14f2e 100644 --- a/2013/7xxx/CVE-2013-7006.json +++ b/2013/7xxx/CVE-2013-7006.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7006", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7006", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7177.json b/2013/7xxx/CVE-2013-7177.json index d349f1839c2..18771014a29 100644 --- a/2013/7xxx/CVE-2013-7177.json +++ b/2013/7xxx/CVE-2013-7177.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-7177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087", - "refsource" : "CONFIRM", - "url" : "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087" - }, - { - "name" : "DSA-2979", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2979" - }, - { - "name" : "openSUSE-SU-2014:0348", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html" - }, - { - "name" : "VU#686662", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/686662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#686662", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/686662" + }, + { + "name": "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087", + "refsource": "CONFIRM", + "url": "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087" + }, + { + "name": "openSUSE-SU-2014:0348", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html" + }, + { + "name": "DSA-2979", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2979" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7404.json b/2013/7xxx/CVE-2013-7404.json index cdb188dcfc4..114e9bc372d 100644 --- a/2013/7xxx/CVE-2013-7404.json +++ b/2013/7xxx/CVE-2013-7404.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" - }, - { - "name" : "https://twitter.com/digitalbond/status/619250429751222277", - "refsource" : "MISC", - "url" : "https://twitter.com/digitalbond/status/619250429751222277" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" - }, - { - "name" : "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA&DIRECTION=5411136-1EN&FILENAME=5411136-1EN_r3.pdf&FILEREV=3&DOCREV_ORG=3", - "refsource" : "CONFIRM", - "url" : "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA&DIRECTION=5411136-1EN&FILENAME=5411136-1EN_r3.pdf&FILEREV=3&DOCREV_ORG=3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA&DIRECTION=5411136-1EN&FILENAME=5411136-1EN_r3.pdf&FILEREV=3&DOCREV_ORG=3", + "refsource": "CONFIRM", + "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA&DIRECTION=5411136-1EN&FILENAME=5411136-1EN_r3.pdf&FILEREV=3&DOCREV_ORG=3" + }, + { + "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" + }, + { + "name": "https://twitter.com/digitalbond/status/619250429751222277", + "refsource": "MISC", + "url": "https://twitter.com/digitalbond/status/619250429751222277" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10317.json b/2017/10xxx/CVE-2017-10317.json index 6dd91994621..b13d523433a 100644 --- a/2017/10xxx/CVE-2017-10317.json +++ b/2017/10xxx/CVE-2017-10317.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Suite8", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.10.1" - }, - { - "version_affected" : "=", - "version_value" : "8.10.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Suite8", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.10.1" + }, + { + "version_affected": "=", + "version_value": "8.10.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101454" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10379.json b/2017/10xxx/CVE-2017-10379.json index 81292266da8..1cfb41fa6df 100644 --- a/2017/10xxx/CVE-2017-10379.json +++ b/2017/10xxx/CVE-2017-10379.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0002/" - }, - { - "name" : "DSA-4002", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4002" - }, - { - "name" : "RHSA-2017:3265", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3265" - }, - { - "name" : "RHSA-2017:3442", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3442" - }, - { - "name" : "RHSA-2018:0279", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0279" - }, - { - "name" : "RHSA-2018:0574", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0574" - }, - { - "name" : "RHSA-2018:2439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2439" - }, - { - "name" : "RHSA-2018:2729", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2729" - }, - { - "name" : "101415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101415" - }, - { - "name" : "1039597", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4002", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4002" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0002/" + }, + { + "name": "RHSA-2017:3265", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3265" + }, + { + "name": "RHSA-2018:2729", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2729" + }, + { + "name": "RHSA-2018:0574", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0574" + }, + { + "name": "1039597", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039597" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2018:0279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0279" + }, + { + "name": "RHSA-2018:2439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2439" + }, + { + "name": "RHSA-2017:3442", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3442" + }, + { + "name": "101415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101415" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10760.json b/2017/10xxx/CVE-2017-10760.json index 7bb82e6abc6..7e25909ef54 100644 --- a/2017/10xxx/CVE-2017-10760.json +++ b/2017/10xxx/CVE-2017-10760.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10810.json b/2017/10xxx/CVE-2017-10810.json index 4e99381f056..33052210453 100644 --- a/2017/10xxx/CVE-2017-10810.json +++ b/2017/10xxx/CVE-2017-10810.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a" - }, - { - "name" : "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a" - }, - { - "name" : "https://lkml.org/lkml/2017/4/6/668", - "refsource" : "CONFIRM", - "url" : "https://lkml.org/lkml/2017/4/6/668" - }, - { - "name" : "DSA-3927", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3927" - }, - { - "name" : "99433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3927", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3927" + }, + { + "name": "99433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99433" + }, + { + "name": "https://lkml.org/lkml/2017/4/6/668", + "refsource": "CONFIRM", + "url": "https://lkml.org/lkml/2017/4/6/668" + }, + { + "name": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13579.json b/2017/13xxx/CVE-2017-13579.json index c5dc37554d3..dfaf3f01001 100644 --- a/2017/13xxx/CVE-2017-13579.json +++ b/2017/13xxx/CVE-2017-13579.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13579", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13579", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13738.json b/2017/13xxx/CVE-2017-13738.json index 61e78f679ef..3828188e941 100644 --- a/2017/13xxx/CVE-2017-13738.json +++ b/2017/13xxx/CVE-2017-13738.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484297", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484297" - }, - { - "name" : "RHSA-2017:3111", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3111" - }, - { - "name" : "100607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100607" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484297", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484297" + }, + { + "name": "RHSA-2017:3111", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3111" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14164.json b/2017/14xxx/CVE-2017-14164.json index 32bee16ab1d..2b053136282 100644 --- a/2017/14xxx/CVE-2017-14164.json +++ b/2017/14xxx/CVE-2017-14164.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/issues/991", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/issues/991" - }, - { - "name" : "GLSA-201710-26", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-26" - }, - { - "name" : "100677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201710-26", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-26" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/" + }, + { + "name": "100677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100677" + }, + { + "name": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a" + }, + { + "name": "https://github.com/uclouvain/openjpeg/issues/991", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/issues/991" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14954.json b/2017/14xxx/CVE-2017-14954.json index 10168618a18..91c2ec6931a 100644 --- a/2017/14xxx/CVE-2017-14954.json +++ b/2017/14xxx/CVE-2017-14954.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9" - }, - { - "name" : "https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9" - }, - { - "name" : "https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c", - "refsource" : "MISC", - "url" : "https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c" - }, - { - "name" : "https://twitter.com/_argp/status/914021130712870912", - "refsource" : "MISC", - "url" : "https://twitter.com/_argp/status/914021130712870912" - }, - { - "name" : "https://twitter.com/grsecurity/status/914079864478666753", - "refsource" : "MISC", - "url" : "https://twitter.com/grsecurity/status/914079864478666753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9" + }, + { + "name": "https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c", + "refsource": "MISC", + "url": "https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c" + }, + { + "name": "https://twitter.com/grsecurity/status/914079864478666753", + "refsource": "MISC", + "url": "https://twitter.com/grsecurity/status/914079864478666753" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9" + }, + { + "name": "https://twitter.com/_argp/status/914021130712870912", + "refsource": "MISC", + "url": "https://twitter.com/_argp/status/914021130712870912" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17021.json b/2017/17xxx/CVE-2017-17021.json index 4d7e4bf50e4..a140709c064 100644 --- a/2017/17xxx/CVE-2017-17021.json +++ b/2017/17xxx/CVE-2017-17021.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17021", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17021", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17222.json b/2017/17xxx/CVE-2017-17222.json index 482918adc0e..765b1aa4aad 100644 --- a/2017/17xxx/CVE-2017-17222.json +++ b/2017/17xxx/CVE-2017-17222.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eSpace 7950; eSpace 8950", - "version" : { - "version_data" : [ - { - "version_value" : "eSpace 7950 V200R003C30" - }, - { - "version_value" : "eSpace 8950 V200R003C00" - }, - { - "version_value" : "V200R003C30" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eSpace 7950; eSpace 8950", + "version": { + "version_data": [ + { + "version_value": "eSpace 7950 V200R003C30" + }, + { + "version_value": "eSpace 8950 V200R003C00" + }, + { + "version_value": "V200R003C30" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17284.json b/2017/17xxx/CVE-2017-17284.json index 42657980476..7a5bb0cd538 100644 --- a/2017/17xxx/CVE-2017-17284.json +++ b/2017/17xxx/CVE-2017-17284.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300,RP200,TE30,TE40,TE50,TE60", - "version" : { - "version_data" : [ - { - "version_value" : "DP300 V500R002C00,RP200 V500R002C00, V600R006C00,TE30 V100R001C10, V500R002C00, V600R006C00,TE40 V500R002C00, V600R006C00,TE50 V500R002C00, V600R006C00,TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "resource management error" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300,RP200,TE30,TE40,TE50,TE60", + "version": { + "version_data": [ + { + "version_value": "DP300 V500R002C00,RP200 V500R002C00, V600R006C00,TE30 V100R001C10, V500R002C00, V600R006C00,TE40 V500R002C00, V600R006C00,TE50 V500R002C00, V600R006C00,TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "resource management error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17475.json b/2017/17xxx/CVE-2017-17475.json index b598571f93d..edc6f039ab6 100644 --- a/2017/17xxx/CVE-2017-17475.json +++ b/2017/17xxx/CVE-2017-17475.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82736068." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82736068", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82736068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82736068." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82736068", + "refsource": "MISC", + "url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82736068" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9185.json b/2017/9xxx/CVE-2017-9185.json index a8daa3a9606..22520e86d0b 100644 --- a/2017/9xxx/CVE-2017-9185.json +++ b/2017/9xxx/CVE-2017-9185.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-bmp.c:319:7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-bmp.c:319:7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9511.json b/2017/9xxx/CVE-2017-9511.json index e5a41ace97c..ecb83dda246 100644 --- a/2017/9xxx/CVE-2017-9511.json +++ b/2017/9xxx/CVE-2017-9511.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-07-17T00:00:00", - "ID" : "CVE-2017-9511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlassian FishEye and Crucible", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-07-17T00:00:00", + "ID": "CVE-2017-9511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlassian FishEye and Crucible", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8049", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/CRUC-8049" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-6891", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/FE-6891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CRUC-8049", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/CRUC-8049" + }, + { + "name": "https://jira.atlassian.com/browse/FE-6891", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/FE-6891" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9631.json b/2017/9xxx/CVE-2017-9631.json index 7fe00ba79cf..83edb4e566b 100644 --- a/2017/9xxx/CVE-2017-9631.json +++ b/2017/9xxx/CVE-2017-9631.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-9631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Schneider Electric Wonderware ArchestrA Logger", - "version" : { - "version_data" : [ - { - "version_value" : "Schneider Electric Wonderware ArchestrA Logger" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-476" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-9631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Schneider Electric Wonderware ArchestrA Logger", + "version": { + "version_data": [ + { + "version_value": "Schneider Electric Wonderware ArchestrA Logger" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/", - "refsource" : "MISC", - "url" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04" - }, - { - "name" : "99488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99488" - }, - { - "name" : "1038836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99488" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04" + }, + { + "name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/", + "refsource": "MISC", + "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/" + }, + { + "name": "1038836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038836" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9846.json b/2017/9xxx/CVE-2017-9846.json index d510bd5647a..4c7970bebb7 100644 --- a/2017/9xxx/CVE-2017-9846.json +++ b/2017/9xxx/CVE-2017-9846.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.magicwinmail.com/changelog.php", - "refsource" : "MISC", - "url" : "http://www.magicwinmail.com/changelog.php" - }, - { - "name" : "https://github.com/zhonghaozhao/winmail/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/zhonghaozhao/winmail/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zhonghaozhao/winmail/issues/1", + "refsource": "MISC", + "url": "https://github.com/zhonghaozhao/winmail/issues/1" + }, + { + "name": "http://www.magicwinmail.com/changelog.php", + "refsource": "MISC", + "url": "http://www.magicwinmail.com/changelog.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0102.json b/2018/0xxx/CVE-2018-0102.json index b19acef266f..978b11b3ad7 100644 --- a/2018/0xxx/CVE-2018-0102.json +++ b/2018/0xxx/CVE-2018-0102.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco NX-OS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco NX-OS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco NX-OS", + "version": { + "version_data": [ + { + "version_value": "Cisco NX-OS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os" - }, - { - "name" : "102728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102728" - }, - { - "name" : "1040219", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040219", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040219" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os" + }, + { + "name": "102728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102728" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0919.json b/2018/0xxx/CVE-2018-0919.json index 3fe17263595..005a650a937 100644 --- a/2018/0xxx/CVE-2018-0919.json +++ b/2018/0xxx/CVE-2018-0919.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919" - }, - { - "name" : "103311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103311" - }, - { - "name" : "1040526", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040526", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040526" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919" + }, + { + "name": "103311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103311" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000118.json b/2018/1000xxx/CVE-2018-1000118.json index a3882c23cfe..34fa8ace31e 100644 --- a/2018/1000xxx/CVE-2018-1000118.json +++ b/2018/1000xxx/CVE-2018-1000118.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/23/2018 10:04:49", - "ID" : "CVE-2018-1000118", - "REQUESTER" : "xiao.gong@chaitin.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Electron", - "version" : { - "version_data" : [ - { - "version_value" : "Electron 1.8.2-beta.4 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Github" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/23/2018 10:04:49", + "ID": "CVE-2018-1000118", + "REQUESTER": "xiao.gong@chaitin.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://electronjs.org/releases#1.8.2-beta.5", - "refsource" : "CONFIRM", - "url" : "https://electronjs.org/releases#1.8.2-beta.5" - }, - { - "name" : "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7", - "refsource" : "CONFIRM", - "url" : "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://electronjs.org/releases#1.8.2-beta.5", + "refsource": "CONFIRM", + "url": "https://electronjs.org/releases#1.8.2-beta.5" + }, + { + "name": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7", + "refsource": "CONFIRM", + "url": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000606.json b/2018/1000xxx/CVE-2018-1000606.json index 3ecb4d67449..cfc71f68653 100644 --- a/2018/1000xxx/CVE-2018-1000606.json +++ b/2018/1000xxx/CVE-2018-1000606.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-25T11:12:00.705415", - "DATE_REQUESTED" : "2018-06-25T00:00:00", - "ID" : "CVE-2018-1000606", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins URLTrigger Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "0.41 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-441, CWE-918" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-25T11:12:00.705415", + "DATE_REQUESTED": "2018-06-25T00:00:00", + "ID": "CVE-2018-1000606", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000804.json b/2018/1000xxx/CVE-2018-1000804.json index 94645d3735a..6897426e997 100644 --- a/2018/1000xxx/CVE-2018-1000804.json +++ b/2018/1000xxx/CVE-2018-1000804.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-10-05T22:22:07.609207", - "DATE_REQUESTED" : "2018-09-07T13:28:01", - "ID" : "CVE-2018-1000804", - "REQUESTER" : "cve.reporting@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "contiki-ng", - "version" : { - "version_data" : [ - { - "version_value" : "4" - } - ] - } - } - ] - }, - "vendor_name" : "contiki-ng" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-10-05T22:22:07.609207", + "DATE_REQUESTED": "2018-09-07T13:28:01", + "ID": "CVE-2018-1000804", + "REQUESTER": "cve.reporting@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/contiki-ng/contiki-ng/issues/594", - "refsource" : "CONFIRM", - "url" : "https://github.com/contiki-ng/contiki-ng/issues/594" - }, - { - "name" : "https://github.com/contiki-ng/contiki-ng/pull/624", - "refsource" : "CONFIRM", - "url" : "https://github.com/contiki-ng/contiki-ng/pull/624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/contiki-ng/contiki-ng/issues/594", + "refsource": "CONFIRM", + "url": "https://github.com/contiki-ng/contiki-ng/issues/594" + }, + { + "name": "https://github.com/contiki-ng/contiki-ng/pull/624", + "refsource": "CONFIRM", + "url": "https://github.com/contiki-ng/contiki-ng/pull/624" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19061.json b/2018/19xxx/CVE-2018-19061.json index cb8611bfda1..909811b359a 100644 --- a/2018/19xxx/CVE-2018-19061.json +++ b/2018/19xxx/CVE-2018-19061.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DedeCMS 5.7 SP2 has SQL Injection via the dede\\co_do.php ids parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html", - "refsource" : "MISC", - "url" : "https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html" - }, - { - "name" : "https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/", - "refsource" : "MISC", - "url" : "https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DedeCMS 5.7 SP2 has SQL Injection via the dede\\co_do.php ids parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html", + "refsource": "MISC", + "url": "https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html" + }, + { + "name": "https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/", + "refsource": "MISC", + "url": "https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19524.json b/2018/19xxx/CVE-2018-19524.json index e517db39746..2e67b1ec1bb 100644 --- a/2018/19xxx/CVE-2018-19524.json +++ b/2018/19xxx/CVE-2018-19524.json @@ -2,30 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19524", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } + "STATE": "RESERVED" }, "data_format": "MITRE", "data_type": "CVE", @@ -34,48 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "http://packetstormsecurity.com/files/151608/Skyworth-GPON-HomeGateways-Optical-Network-Stack-Overflow.html", - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/151608/Skyworth-GPON-HomeGateways-Optical-Network-Stack-Overflow.html" - }, - { - "url": "http://seclists.org/fulldisclosure/2019/Feb/30", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2019/Feb/30" - }, - { - "url": "https://seclists.org/bugtraq/2019/Feb/21", - "refsource": "MISC", - "name": "https://seclists.org/bugtraq/2019/Feb/21" - }, - { - "url": "https://www.exploit-db.com/exploits/46358/", - "refsource": "MISC", - "name": "https://www.exploit-db.com/exploits/46358/" - }, - { - "url": "http://breakthesec.com", - "refsource": "MISC", - "name": "http://breakthesec.com" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2018/19xxx/CVE-2018-19784.json b/2018/19xxx/CVE-2018-19784.json index df53efad339..07759d9512a 100644 --- a/2018/19xxx/CVE-2018-19784.json +++ b/2018/19xxx/CVE-2018-19784.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Athlon1600/php-proxy-app/issues/139", - "refsource" : "MISC", - "url" : "https://github.com/Athlon1600/php-proxy-app/issues/139" - }, - { - "name" : "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md", - "refsource" : "MISC", - "url" : "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md", + "refsource": "MISC", + "url": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md" + }, + { + "name": "https://github.com/Athlon1600/php-proxy-app/issues/139", + "refsource": "MISC", + "url": "https://github.com/Athlon1600/php-proxy-app/issues/139" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1120.json b/2018/1xxx/CVE-2018-1120.json index 3cb5a1ef8e3..764e12b6962 100644 --- a/2018/1xxx/CVE-2018-1120.json +++ b/2018/1xxx/CVE-2018-1120.json @@ -1,132 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-1120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel", - "version" : { - "version_data" : [ - { - "version_value" : "kernel 4.17" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks)." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "2.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "kernel 4.17" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44806", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44806/" - }, - { - "name" : "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2018/q2/122" - }, - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830" - }, - { - "name" : "GLSA-201805-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-14" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "RHSA-2018:3083", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3083" - }, - { - "name" : "RHSA-2018:3096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3096" - }, - { - "name" : "USN-3752-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-1/" - }, - { - "name" : "USN-3752-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-2/" - }, - { - "name" : "USN-3752-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-3/" - }, - { - "name" : "104229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks)." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "2.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3752-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-2/" + }, + { + "name": "RHSA-2018:3083", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3083" + }, + { + "name": "104229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104229" + }, + { + "name": "USN-3752-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-3/" + }, + { + "name": "GLSA-201805-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-14" + }, + { + "name": "44806", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44806/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3910-1", + "url": "https://usn.ubuntu.com/3910-1/" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120" + }, + { + "refsource": "UBUNTU", + "name": "USN-3910-2", + "url": "https://usn.ubuntu.com/3910-2/" + }, + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2018/q2/122" + }, + { + "name": "USN-3752-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-1/" + }, + { + "name": "RHSA-2018:3096", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3096" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1453.json b/2018/1xxx/CVE-2018-1453.json index 8d6d8344bb2..c92cdffc0df 100644 --- a/2018/1xxx/CVE-2018-1453.json +++ b/2018/1xxx/CVE-2018-1453.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-06T00:00:00", - "ID" : "CVE-2018-1453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Identity Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "AV" : "N", - "C" : "H", - "I" : "H", - "PR" : "L", - "S" : "U", - "SCORE" : "8.800", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-06T00:00:00", + "ID": "CVE-2018-1453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Manager", + "version": { + "version_data": [ + { + "version_value": "7.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013617", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013617" - }, - { - "name" : "1041383", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041383" - }, - { - "name" : "ibm-sim-cve20181453-file-upload(140055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "AV": "N", + "C": "H", + "I": "H", + "PR": "L", + "S": "U", + "SCORE": "8.800", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013617", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013617" + }, + { + "name": "1041383", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041383" + }, + { + "name": "ibm-sim-cve20181453-file-upload(140055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140055" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1739.json b/2018/1xxx/CVE-2018-1739.json index ff05dc5a1c2..b110eb6136a 100644 --- a/2018/1xxx/CVE-2018-1739.json +++ b/2018/1xxx/CVE-2018-1739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4680.json b/2018/4xxx/CVE-2018-4680.json index b5eb79b42a3..a579a996585 100644 --- a/2018/4xxx/CVE-2018-4680.json +++ b/2018/4xxx/CVE-2018-4680.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4680", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4680", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file