diff --git a/2001/0xxx/CVE-2001-0317.json b/2001/0xxx/CVE-2001-0317.json index 4f7518e59a8..e19ef2cc095 100644 --- a/2001/0xxx/CVE-2001-0317.json +++ b/2001/0xxx/CVE-2001-0317.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010213 Trustix Security Advisory - proftpd, kernel", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html" - }, - { - "name" : "RHSA-2001:013", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-013.html" - }, - { - "name" : "CSSA-2001-009", - "refsource" : "CALDERA", - "url" : "http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt" - }, - { - "name" : "linux-ptrace-modify-process(6080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:013", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-013.html" + }, + { + "name": "linux-ptrace-modify-process(6080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6080" + }, + { + "name": "CSSA-2001-009", + "refsource": "CALDERA", + "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt" + }, + { + "name": "20010213 Trustix Security Advisory - proftpd, kernel", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0414.json b/2008/0xxx/CVE-2008-0414.json index 87815384279..66d94a66f44 100644 --- a/2008/0xxx/CVE-2008-0414.json +++ b/2008/0xxx/CVE-2008-0414.json @@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka \"focus spoofing.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080209 rPSA-2008-0051-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487826/100/0/threaded" - }, - { - "name" : "20080212 FLEA-2008-0001-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488002/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-02.html" - }, - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=404451,408034,404391,405299", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=404451,408034,404391,405299" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051" - }, - { - "name" : "http://browser.netscape.com/releasenotes/", - "refsource" : "CONFIRM", - "url" : "http://browser.netscape.com/releasenotes/" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html" - }, - { - "name" : "DSA-1484", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1484" - }, - { - "name" : "DSA-1485", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1485" - }, - { - "name" : "DSA-1489", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1489" - }, - { - "name" : "DSA-1506", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1506" - }, - { - "name" : "FEDORA-2008-1435", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html" - }, - { - "name" : "FEDORA-2008-1459", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html" - }, - { - "name" : "FEDORA-2008-1535", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html" - }, - { - "name" : "GLSA-200805-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" - }, - { - "name" : "MDVSA-2008:048", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048" - }, - { - "name" : "238492", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" - }, - { - "name" : "SUSE-SA:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html" - }, - { - "name" : "USN-576-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-576-1" - }, - { - "name" : "27683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27683" - }, - { - "name" : "ADV-2008-0453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0453/references" - }, - { - "name" : "ADV-2008-0627", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0627/references" - }, - { - "name" : "ADV-2008-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1793/references" - }, - { - "name" : "1019330", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019330" - }, - { - "name" : "28758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28758" - }, - { - "name" : "28815", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28815" - }, - { - "name" : "28839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28839" - }, - { - "name" : "28864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28864" - }, - { - "name" : "28865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28865" - }, - { - "name" : "28877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28877" - }, - { - "name" : "28879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28879" - }, - { - "name" : "28924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28924" - }, - { - "name" : "28939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28939" - }, - { - "name" : "28958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28958" - }, - { - "name" : "29049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29049" - }, - { - "name" : "29086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29086" - }, - { - "name" : "29567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29567" - }, - { - "name" : "30327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30327" - }, - { - "name" : "30620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka \"focus spoofing.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-576-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-576-1" + }, + { + "name": "http://browser.netscape.com/releasenotes/", + "refsource": "CONFIRM", + "url": "http://browser.netscape.com/releasenotes/" + }, + { + "name": "28939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28939" + }, + { + "name": "DSA-1506", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1506" + }, + { + "name": "30620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30620" + }, + { + "name": "28865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28865" + }, + { + "name": "29049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29049" + }, + { + "name": "ADV-2008-0453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0453/references" + }, + { + "name": "28877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28877" + }, + { + "name": "28879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28879" + }, + { + "name": "29567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29567" + }, + { + "name": "28958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28958" + }, + { + "name": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html" + }, + { + "name": "30327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30327" + }, + { + "name": "238492", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" + }, + { + "name": "DSA-1489", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1489" + }, + { + "name": "20080212 FLEA-2008-0001-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488002/100/0/threaded" + }, + { + "name": "20080209 rPSA-2008-0051-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487826/100/0/threaded" + }, + { + "name": "29086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29086" + }, + { + "name": "28815", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28815" + }, + { + "name": "28864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28864" + }, + { + "name": "DSA-1485", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1485" + }, + { + "name": "28924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28924" + }, + { + "name": "27683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27683" + }, + { + "name": "ADV-2008-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1793/references" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-02.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-02.html" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=404451,408034,404391,405299", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=404451,408034,404391,405299" + }, + { + "name": "1019330", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019330" + }, + { + "name": "SUSE-SA:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html" + }, + { + "name": "FEDORA-2008-1459", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html" + }, + { + "name": "FEDORA-2008-1535", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0051", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0051" + }, + { + "name": "DSA-1484", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1484" + }, + { + "name": "ADV-2008-0627", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0627/references" + }, + { + "name": "GLSA-200805-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" + }, + { + "name": "28758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28758" + }, + { + "name": "FEDORA-2008-1435", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html" + }, + { + "name": "MDVSA-2008:048", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048" + }, + { + "name": "28839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28839" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0520.json b/2008/0xxx/CVE-2008-0520.json index c77fc2718bc..7b1fd36fd81 100644 --- a/2008/0xxx/CVE-2008-0520.json +++ b/2008/0xxx/CVE-2008-0520.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5017", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5017" - }, - { - "name" : "http://www.wpwp.org/archives/warning-security-bug-in-version/", - "refsource" : "CONFIRM", - "url" : "http://www.wpwp.org/archives/warning-security-bug-in-version/" - }, - { - "name" : "27525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27525" - }, - { - "name" : "ADV-2008-0365", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0365" - }, - { - "name" : "28702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wpwp.org/archives/warning-security-bug-in-version/", + "refsource": "CONFIRM", + "url": "http://www.wpwp.org/archives/warning-security-bug-in-version/" + }, + { + "name": "5017", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5017" + }, + { + "name": "27525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27525" + }, + { + "name": "28702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28702" + }, + { + "name": "ADV-2008-0365", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0365" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0566.json b/2008/0xxx/CVE-2008-0566.json index 74cae91d2a9..6b968691f47 100644 --- a/2008/0xxx/CVE-2008-0566.json +++ b/2008/0xxx/CVE-2008-0566.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5022", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5022" - }, - { - "name" : "27529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5022", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5022" + }, + { + "name": "27529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27529" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0713.json b/2008/0xxx/CVE-2008-0713.json index b9505a81315..0a969b55aa1 100644 --- a/2008/0xxx/CVE-2008-0713.json +++ b/2008/0xxx/CVE-2008-0713.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02334", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01446326" - }, - { - "name" : "SSRT071403", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01446326" - }, - { - "name" : "29160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29160" - }, - { - "name" : "oval:org.mitre.oval:def:5289", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5289" - }, - { - "name" : "ADV-2008-1475", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1475/references" - }, - { - "name" : "1020005", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020005" - }, - { - "name" : "30195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30195" - }, - { - "name" : "hpux-ftp-dos(42357)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5289", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5289" + }, + { + "name": "1020005", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020005" + }, + { + "name": "30195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30195" + }, + { + "name": "29160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29160" + }, + { + "name": "ADV-2008-1475", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1475/references" + }, + { + "name": "HPSBUX02334", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01446326" + }, + { + "name": "SSRT071403", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01446326" + }, + { + "name": "hpux-ftp-dos(42357)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42357" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1369.json b/2008/1xxx/CVE-2008-1369.json index 34a4916516e..2f09f416a85 100644 --- a/2008/1xxx/CVE-2008-1369.json +++ b/2008/1xxx/CVE-2008-1369.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "231244", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1" - }, - { - "name" : "28469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28469" - }, - { - "name" : "ADV-2008-0810", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0810/references" - }, - { - "name" : "1019708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019708" - }, - { - "name" : "29529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29529" - }, - { - "name" : "sparc-configuration-privilege-escalation(41332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0810", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0810/references" + }, + { + "name": "sparc-configuration-privilege-escalation(41332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41332" + }, + { + "name": "29529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29529" + }, + { + "name": "231244", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1" + }, + { + "name": "1019708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019708" + }, + { + "name": "28469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28469" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1587.json b/2008/1xxx/CVE-2008-1587.json index 68cd14c8ba4..f828d2a08ea 100644 --- a/2008/1xxx/CVE-2008-1587.json +++ b/2008/1xxx/CVE-2008-1587.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1587", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1587", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1776.json b/2008/1xxx/CVE-2008-1776.json index 2d12d74450a..13a64871dd5 100644 --- a/2008/1xxx/CVE-2008-1776.json +++ b/2008/1xxx/CVE-2008-1776.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5348", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5348" - }, - { - "name" : "28588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28588" - }, - { - "name" : "phpblock-basicfogfactoryclass-file-include(41616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5348", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5348" + }, + { + "name": "phpblock-basicfogfactoryclass-file-include(41616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41616" + }, + { + "name": "28588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28588" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5300.json b/2008/5xxx/CVE-2008-5300.json index 948051945bb..57356245c1d 100644 --- a/2008/5xxx/CVE-2008-5300.json +++ b/2008/5xxx/CVE-2008-5300.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.6.28 allows local users to cause a denial of service (\"soft lockup\" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081209 rPSA-2008-0332-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499044/100/0/threaded" - }, - { - "name" : "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512019/100/0/threaded" - }, - { - "name" : "[linux-netdev] 20081120 soft lockups/OOM after unix socket fixes", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-netdev&m=122721862313564&w=2" - }, - { - "name" : "[linux-netdev] 20081125 [PATCH] Fix soft lockups/OOM issues w/ unix garbage collector", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-netdev&m=122765505415944&w=2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=470201", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=470201" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2915", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2915" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259" - }, - { - "name" : "DSA-1681", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1681" - }, - { - "name" : "FEDORA-2008-11618", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html" - }, - { - "name" : "MDVSA-2009:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:032" - }, - { - "name" : "RHSA-2009:0014", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0014.html" - }, - { - "name" : "RHSA-2009:0053", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0053.html" - }, - { - "name" : "RHSA-2009:1550", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1550.html" - }, - { - "name" : "USN-715-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-715-1" - }, - { - "name" : "USN-714-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/714-1/" - }, - { - "name" : "32516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32516" - }, - { - "name" : "50272", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50272" - }, - { - "name" : "oval:org.mitre.oval:def:10283", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10283" - }, - { - "name" : "oval:org.mitre.oval:def:11427", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11427" - }, - { - "name" : "32913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32913" - }, - { - "name" : "32998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32998" - }, - { - "name" : "33756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33756" - }, - { - "name" : "33706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33706" - }, - { - "name" : "33556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33556" - }, - { - "name" : "33854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33854" - }, - { - "name" : "33348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33348" - }, - { - "name" : "33083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33083" - }, - { - "name" : "4673", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4673" - }, - { - "name" : "linux-kernel-sendmsg-dos(46943)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.6.28 allows local users to cause a denial of service (\"soft lockup\" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32998" + }, + { + "name": "20081209 rPSA-2008-0332-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499044/100/0/threaded" + }, + { + "name": "[linux-netdev] 20081120 soft lockups/OOM after unix socket fixes", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-netdev&m=122721862313564&w=2" + }, + { + "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded" + }, + { + "name": "33706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33706" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2915", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2915" + }, + { + "name": "oval:org.mitre.oval:def:10283", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10283" + }, + { + "name": "RHSA-2009:0053", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0053.html" + }, + { + "name": "33756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33756" + }, + { + "name": "FEDORA-2008-11618", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html" + }, + { + "name": "33348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33348" + }, + { + "name": "32913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32913" + }, + { + "name": "oval:org.mitre.oval:def:11427", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11427" + }, + { + "name": "4673", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4673" + }, + { + "name": "[linux-netdev] 20081125 [PATCH] Fix soft lockups/OOM issues w/ unix garbage collector", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-netdev&m=122765505415944&w=2" + }, + { + "name": "RHSA-2009:0014", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0014.html" + }, + { + "name": "linux-kernel-sendmsg-dos(46943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46943" + }, + { + "name": "32516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32516" + }, + { + "name": "MDVSA-2009:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:032" + }, + { + "name": "33556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33556" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332" + }, + { + "name": "33083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33083" + }, + { + "name": "USN-714-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/714-1/" + }, + { + "name": "50272", + "refsource": "OSVDB", + "url": "http://osvdb.org/50272" + }, + { + "name": "RHSA-2009:1550", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=470201", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470201" + }, + { + "name": "USN-715-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-715-1" + }, + { + "name": "33854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33854" + }, + { + "name": "DSA-1681", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1681" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5452.json b/2008/5xxx/CVE-2008-5452.json index 78cbc3a345a..9a0d20a18b8 100644 --- a/2008/5xxx/CVE-2008-5452.json +++ b/2008/5xxx/CVE-2008-5452.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-5452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "1021570", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021570" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + }, + { + "name": "1021570", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021570" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5966.json b/2008/5xxx/CVE-2008-5966.json index 731b4b30ea9..e4cdc508b24 100644 --- a/2008/5xxx/CVE-2008-5966.json +++ b/2008/5xxx/CVE-2008-5966.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6735", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6735" - }, - { - "name" : "31727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31727" - }, - { - "name" : "globsy-globsyedit-file-overwrite(48324)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6735", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6735" + }, + { + "name": "31727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31727" + }, + { + "name": "globsy-globsyedit-file-overwrite(48324)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48324" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0065.json b/2013/0xxx/CVE-2013-0065.json index a49f6c2e968..dc5cb085289 100644 --- a/2013/0xxx/CVE-2013-0065.json +++ b/2013/0xxx/CVE-2013-0065.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0065", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0065", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3409.json b/2013/3xxx/CVE-2013-3409.json index 006aba964d0..3e5f720f8ec 100644 --- a/2013/3xxx/CVE-2013-3409.json +++ b/2013/3xxx/CVE-2013-3409.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131009 Cisco Prime Central for HCS Portal Credentials Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131009 Cisco Prime Central for HCS Portal Credentials Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3409" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3555.json b/2013/3xxx/CVE-2013-3555.json index c0a926349be..c14ab38a0fb 100644 --- a/2013/3xxx/CVE-2013-3555.json +++ b/2013/3xxx/CVE-2013-3555.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gtpv2.c?r1=48393&r2=48392&pathrev=48393", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gtpv2.c?r1=48393&r2=48392&pathrev=48393" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48393", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48393" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-24.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8493", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8493" - }, - { - "name" : "DSA-2700", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2700" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "openSUSE-SU-2013:1084", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html" - }, - { - "name" : "openSUSE-SU-2013:1086", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html" - }, - { - "name" : "openSUSE-SU-2013:0911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html" - }, - { - "name" : "openSUSE-SU-2013:0947", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html" - }, - { - "name" : "oval:org.mitre.oval:def:16779", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16779" - }, - { - "name" : "53425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53425" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53425" + }, + { + "name": "openSUSE-SU-2013:0911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-24.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-24.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gtpv2.c?r1=48393&r2=48392&pathrev=48393", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gtpv2.c?r1=48393&r2=48392&pathrev=48393" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "oval:org.mitre.oval:def:16779", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16779" + }, + { + "name": "openSUSE-SU-2013:1086", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html" + }, + { + "name": "DSA-2700", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2700" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48393", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48393" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8493", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8493" + }, + { + "name": "openSUSE-SU-2013:0947", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html" + }, + { + "name": "openSUSE-SU-2013:1084", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3642.json b/2013/3xxx/CVE-2013-3642.json index fcd64a72d6c..bcc0d4a18bc 100644 --- a/2013/3xxx/CVE-2013-3642.json +++ b/2013/3xxx/CVE-2013-3642.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-3642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#79301570", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN79301570/index.html" - }, - { - "name" : "JVNDB-2013-000055", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#79301570", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN79301570/index.html" + }, + { + "name": "JVNDB-2013-000055", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000055" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3713.json b/2013/3xxx/CVE-2013-3713.json index cb7c634a411..9d7782f240d 100644 --- a/2013/3xxx/CVE-2013-3713.json +++ b/2013/3xxx/CVE-2013-3713.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the \"users\" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=843230", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=843230" - }, - { - "name" : "openSUSE-SU-2013:1955", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00117.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the \"users\" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1955", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00117.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=843230", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=843230" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4255.json b/2013/4xxx/CVE-2013-4255.json index 7aff2b5dcb2..9c2072012b0 100644 --- a/2013/4xxx/CVE-2013-4255.json +++ b/2013/4xxx/CVE-2013-4255.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829", - "refsource" : "MISC", - "url" : "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=919401", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=919401" - }, - { - "name" : "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786", - "refsource" : "CONFIRM", - "url" : "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786" - }, - { - "name" : "RHSA-2013:1171", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1171.html" - }, - { - "name" : "RHSA-2013:1172", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1172.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1172", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1172.html" + }, + { + "name": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786", + "refsource": "CONFIRM", + "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786" + }, + { + "name": "RHSA-2013:1171", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1171.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=919401", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401" + }, + { + "name": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829", + "refsource": "MISC", + "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4414.json b/2013/4xxx/CVE-2013-4414.json index 13a94012d31..cc2a2d8aa29 100644 --- a/2013/4xxx/CVE-2013-4414.json +++ b/2013/4xxx/CVE-2013-4414.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the \"Max allowance\" field in the \"Set limit\" form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606" - }, - { - "name" : "RHSA-2013:1851", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1851.html" - }, - { - "name" : "RHSA-2013:1852", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1852.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the \"Max allowance\" field in the \"Set limit\" form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606" + }, + { + "name": "RHSA-2013:1851", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html" + }, + { + "name": "RHSA-2013:1852", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4649.json b/2013/4xxx/CVE-2013-4649.json index 98a5b4c3e0e..6c37037af65 100644 --- a/2013/4xxx/CVE-2013-4649.json +++ b/2013/4xxx/CVE-2013-4649.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.dnnsoftware.com/platform/manage/security-center", - "refsource" : "CONFIRM", - "url" : "http://www.dnnsoftware.com/platform/manage/security-center" - }, - { - "name" : "53493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53493" - }, - { - "name" : "dotnetnuke-cve20134649-dnnvariable-xss(86432)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53493" + }, + { + "name": "http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html" + }, + { + "name": "http://www.dnnsoftware.com/platform/manage/security-center", + "refsource": "CONFIRM", + "url": "http://www.dnnsoftware.com/platform/manage/security-center" + }, + { + "name": "dotnetnuke-cve20134649-dnnvariable-xss(86432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86432" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4791.json b/2013/4xxx/CVE-2013-4791.json index 4f91bc0e20f..ecc3a08c2ac 100644 --- a/2013/4xxx/CVE-2013-4791.json +++ b/2013/4xxx/CVE-2013-4791.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4791", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4791", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6907.json b/2013/6xxx/CVE-2013-6907.json index ec264d475cc..d65c202f0c2 100644 --- a/2013/6xxx/CVE-2013-6907.json +++ b/2013/6xxx/CVE-2013-6907.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-6907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20131202up01.php", - "refsource" : "MISC", - "url" : "http://cs.cybozu.co.jp/information/20131202up01.php" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/6166", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/6166" - }, - { - "name" : "JVN#23981867", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN23981867/index.html" - }, - { - "name" : "JVNDB-2013-000113", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/20131202up01.php", + "refsource": "MISC", + "url": "http://cs.cybozu.co.jp/information/20131202up01.php" + }, + { + "name": "JVNDB-2013-000113", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" + }, + { + "name": "JVN#23981867", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN23981867/index.html" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/6166", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/6166" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7075.json b/2013/7xxx/CVE-2013-7075.json index a73854d0ce0..1ed98cc9ec7 100644 --- a/2013/7xxx/CVE-2013-7075.json +++ b/2013/7xxx/CVE-2013-7075.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a \"missing signature.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/473" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/" - }, - { - "name" : "DSA-2834", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a \"missing signature.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/473" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/" + }, + { + "name": "DSA-2834", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2834" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7093.json b/2013/7xxx/CVE-2013-7093.json index 35ef59fc71f..6957b1ddd38 100644 --- a/2013/7xxx/CVE-2013-7093.json +++ b/2013/7xxx/CVE-2013-7093.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-13-023-saprouter-authentication-bypass/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-13-023-saprouter-authentication-bypass/" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1853140", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1853140" - }, - { - "name" : "saprouter-configuration-sec-bypass(89604)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "saprouter-configuration-sec-bypass(89604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89604" + }, + { + "name": "https://erpscan.io/advisories/erpscan-13-023-saprouter-authentication-bypass/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-13-023-saprouter-authentication-bypass/" + }, + { + "name": "https://service.sap.com/sap/support/notes/1853140", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1853140" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7313.json b/2013/7xxx/CVE-2013-7313.json index 6ab0fa64409..4e9fd6eff25 100644 --- a/2013/7xxx/CVE-2013-7313.json +++ b/2013/7xxx/CVE-2013-7313.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/BLUU-97KQ26", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/BLUU-97KQ26" - }, - { - "name" : "VU#229804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/229804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/BLUU-97KQ26", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/BLUU-97KQ26" + }, + { + "name": "VU#229804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/229804" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10235.json b/2017/10xxx/CVE-2017-10235.json index aa0bed610bc..7318acd4aa5 100644 --- a/2017/10xxx/CVE-2017-10235.json +++ b/2017/10xxx/CVE-2017-10235.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.1.24" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.24" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99705" - }, - { - "name" : "1038929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99705" + }, + { + "name": "1038929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038929" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10469.json b/2017/10xxx/CVE-2017-10469.json index e3c54c772d5..031b8d37c35 100644 --- a/2017/10xxx/CVE-2017-10469.json +++ b/2017/10xxx/CVE-2017-10469.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10469", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10469", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10667.json b/2017/10xxx/CVE-2017-10667.json index 165b6dbfa82..8bff69a0cec 100644 --- a/2017/10xxx/CVE-2017-10667.json +++ b/2017/10xxx/CVE-2017-10667.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zencart/zencart/issues/1443", - "refsource" : "MISC", - "url" : "https://github.com/zencart/zencart/issues/1443" - }, - { - "name" : "https://github.com/zhonghaozhao/zencart/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/zhonghaozhao/zencart/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zencart/zencart/issues/1443", + "refsource": "MISC", + "url": "https://github.com/zencart/zencart/issues/1443" + }, + { + "name": "https://github.com/zhonghaozhao/zencart/issues/1", + "refsource": "MISC", + "url": "https://github.com/zhonghaozhao/zencart/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10989.json b/2017/10xxx/CVE-2017-10989.json index 18e39a199ba..03b28b63d19 100644 --- a/2017/10xxx/CVE-2017-10989.json +++ b/2017/10xxx/CVE-2017-10989.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html" - }, - { - "name" : "http://marc.info/?l=sqlite-users&m=149933696214713&w=2", - "refsource" : "MISC", - "url" : "http://marc.info/?l=sqlite-users&m=149933696214713&w=2" - }, - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937" - }, - { - "name" : "https://sqlite.org/src/info/66de6f4a", - "refsource" : "MISC", - "url" : "https://sqlite.org/src/info/66de6f4a" - }, - { - "name" : "https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26", - "refsource" : "MISC", - "url" : "https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26" - }, - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208115", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208115" - }, - { - "name" : "https://support.apple.com/HT208144", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208144" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "99502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99502" - }, - { - "name" : "1039427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://support.apple.com/HT208144", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208144" + }, + { + "name": "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html" + }, + { + "name": "https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26", + "refsource": "MISC", + "url": "https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26" + }, + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405" + }, + { + "name": "https://sqlite.org/src/info/66de6f4a", + "refsource": "MISC", + "url": "https://sqlite.org/src/info/66de6f4a" + }, + { + "name": "1039427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039427" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "http://marc.info/?l=sqlite-users&m=149933696214713&w=2", + "refsource": "MISC", + "url": "http://marc.info/?l=sqlite-users&m=149933696214713&w=2" + }, + { + "name": "https://support.apple.com/HT208115", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208115" + }, + { + "name": "99502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99502" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12258.json b/2017/12xxx/CVE-2017-12258.json index 695c10f85bd..ba01a666f03 100644 --- a/2017/12xxx/CVE-2017-12258.json +++ b/2017/12xxx/CVE-2017-12258.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-59" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm" - }, - { - "name" : "101172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101172" - }, - { - "name" : "1039505", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101172" + }, + { + "name": "1039505", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039505" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12316.json b/2017/12xxx/CVE-2017-12316.json index 705b024a20f..9756a8bbaeb 100644 --- a/2017/12xxx/CVE-2017-12316.json +++ b/2017/12xxx/CVE-2017-12316.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Identity Services Engine" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine", + "version": { + "version_data": [ + { + "version_value": "Cisco Identity Services Engine" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise" - }, - { - "name" : "101931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101931" - }, - { - "name" : "1039830", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise" + }, + { + "name": "1039830", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039830" + }, + { + "name": "101931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101931" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12335.json b/2017/12xxx/CVE-2017-12335.json index 98916f1ac61..d81cde2463f 100644 --- a/2017/12xxx/CVE-2017-12335.json +++ b/2017/12xxx/CVE-2017-12335.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco NX-OS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco NX-OS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gain unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf14923, CSCvf14926, CSCvg04095." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco NX-OS", + "version": { + "version_data": [ + { + "version_value": "Cisco NX-OS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4" - }, - { - "name" : "102165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102165" - }, - { - "name" : "1039935", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gain unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf14923, CSCvf14926, CSCvg04095." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4" + }, + { + "name": "1039935", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039935" + }, + { + "name": "102165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102165" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12663.json b/2017/12xxx/CVE-2017-12663.json index 918e4776c76..9b5d71fefa8 100644 --- a/2017/12xxx/CVE-2017-12663.json +++ b/2017/12xxx/CVE-2017-12663.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/6233ef75bb973745ab1092b59aea8fe316f09074", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/6233ef75bb973745ab1092b59aea8fe316f09074" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/573", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/6233ef75bb973745ab1092b59aea8fe316f09074", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/commit/6233ef75bb973745ab1092b59aea8fe316f09074" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/573", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/573" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13230.json b/2017/13xxx/CVE-2017-13230.json index 0033d48f639..e80a08e7db4 100644 --- a/2017/13xxx/CVE-2017-13230.json +++ b/2017/13xxx/CVE-2017-13230.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-13230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-13230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-02-01" - }, - { - "name" : "102976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-02-01" + }, + { + "name": "102976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102976" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13242.json b/2017/13xxx/CVE-2017-13242.json index 31fd2813a1c..5819422163f 100644 --- a/2017/13xxx/CVE-2017-13242.json +++ b/2017/13xxx/CVE-2017-13242.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-13242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-13242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" - }, - { - "name" : "103014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103014" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13324.json b/2017/13xxx/CVE-2017-13324.json index 28cee5be82a..543b771b771 100644 --- a/2017/13xxx/CVE-2017-13324.json +++ b/2017/13xxx/CVE-2017-13324.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13324", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13324", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13773.json b/2017/13xxx/CVE-2017-13773.json index 2841ba44baf..28df502dbd0 100644 --- a/2017/13xxx/CVE-2017-13773.json +++ b/2017/13xxx/CVE-2017-13773.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13773", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13773", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13994.json b/2017/13xxx/CVE-2017-13994.json index def499c2b70..b972e27f855 100644 --- a/2017/13xxx/CVE-2017-13994.json +++ b/2017/13xxx/CVE-2017-13994.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-13994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LOYTEC LVIS-3ME", - "version" : { - "version_data" : [ - { - "version_value" : "LOYTEC LVIS-3ME" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-13994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LOYTEC LVIS-3ME", + "version": { + "version_data": [ + { + "version_value": "LOYTEC LVIS-3ME" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01" - }, - { - "name" : "100847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01" + }, + { + "name": "100847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100847" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16023.json b/2017/16xxx/CVE-2017-16023.json index 62782dea7be..bc6f997b9e5 100644 --- a/2017/16xxx/CVE-2017-16023.json +++ b/2017/16xxx/CVE-2017-16023.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "decamelize node module", - "version" : { - "version_data" : [ - { - "version_value" : ">=1.1.0 <=1.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "decamelize node module", + "version": { + "version_data": [ + { + "version_value": ">=1.1.0 <=1.1.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sindresorhus/decamelize/issues/5", - "refsource" : "MISC", - "url" : "https://github.com/sindresorhus/decamelize/issues/5" - }, - { - "name" : "https://nodesecurity.io/advisories/308", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sindresorhus/decamelize/issues/5", + "refsource": "MISC", + "url": "https://github.com/sindresorhus/decamelize/issues/5" + }, + { + "name": "https://nodesecurity.io/advisories/308", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/308" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17015.json b/2017/17xxx/CVE-2017-17015.json index 02f67f40810..6e9bbe55e44 100644 --- a/2017/17xxx/CVE-2017-17015.json +++ b/2017/17xxx/CVE-2017-17015.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17015", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17015", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17179.json b/2017/17xxx/CVE-2017-17179.json index 1ed3418387d..7fcff67aeae 100644 --- a/2017/17xxx/CVE-2017-17179.json +++ b/2017/17xxx/CVE-2017-17179.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17179", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17179", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17405.json b/2017/17xxx/CVE-2017-17405.json index 7aaad3099b3..6217a0be0c6 100644 --- a/2017/17xxx/CVE-2017-17405.json +++ b/2017/17xxx/CVE-2017-17405.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43381", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43381/" - }, - { - "name" : "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html" - }, - { - "name" : "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html" - }, - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/" - }, - { - "name" : "DSA-4259", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4259" - }, - { - "name" : "RHSA-2018:0378", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0378" - }, - { - "name" : "RHSA-2018:0583", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0583" - }, - { - "name" : "RHSA-2018:0584", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0584" - }, - { - "name" : "RHSA-2018:0585", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0585" - }, - { - "name" : "102204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102204" - }, - { - "name" : "1042004", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0585", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0585" + }, + { + "name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html" + }, + { + "name": "RHSA-2018:0378", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0378" + }, + { + "name": "102204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102204" + }, + { + "name": "1042004", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042004" + }, + { + "name": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/" + }, + { + "name": "43381", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43381/" + }, + { + "name": "RHSA-2018:0584", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0584" + }, + { + "name": "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" + }, + { + "name": "RHSA-2018:0583", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0583" + }, + { + "name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html" + }, + { + "name": "DSA-4259", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4259" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17506.json b/2017/17xxx/CVE-2017-17506.json index bcc4ce7c298..97f3b85ef82 100644 --- a/2017/17xxx/CVE-2017-17506.json +++ b/2017/17xxx/CVE-2017-17506.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18023.json b/2018/18xxx/CVE-2018-18023.json index 8d9ec3a2c1b..3bba3673159 100644 --- a/2018/18xxx/CVE-2018-18023.json +++ b/2018/18xxx/CVE-2018-18023.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1336", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1336", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1336" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18043.json b/2018/18xxx/CVE-2018-18043.json index 95c737b6d62..7c356227db0 100644 --- a/2018/18xxx/CVE-2018-18043.json +++ b/2018/18xxx/CVE-2018-18043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18043", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18043", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18093.json b/2018/18xxx/CVE-2018-18093.json index 636b771dc30..fee2111aa06 100644 --- a/2018/18xxx/CVE-2018-18093.json +++ b/2018/18xxx/CVE-2018-18093.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2018-18093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel VTune Amplifier", - "version" : { - "version_data" : [ - { - "version_value" : "Intel VTune Amplifier 2018 Update 3 and before" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2018-18093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel VTune Amplifier", + "version": { + "version_data": [ + { + "version_value": "Intel VTune Amplifier 2018 Update 3 and before" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00194.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00194.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00194.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00194.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18451.json b/2018/18xxx/CVE-2018-18451.json index 7bc62dc5534..caccb260024 100644 --- a/2018/18xxx/CVE-2018-18451.json +++ b/2018/18xxx/CVE-2018-18451.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18451", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18451", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18913.json b/2018/18xxx/CVE-2018-18913.json index 89affcc6443..560b423d816 100644 --- a/2018/18xxx/CVE-2018-18913.json +++ b/2018/18xxx/CVE-2018-18913.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18913", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18913", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19200.json b/2018/19xxx/CVE-2018-19200.json index 5add31be4b3..7026db54ad4 100644 --- a/2018/19xxx/CVE-2018-19200.json +++ b/2018/19xxx/CVE-2018-19200.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181120 [SECURITY] [DLA 1581-1] uriparser security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00019.html" - }, - { - "name" : "https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog", - "refsource" : "MISC", - "url" : "https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog" - }, - { - "name" : "https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539", - "refsource" : "MISC", - "url" : "https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1581-1] uriparser security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00019.html" + }, + { + "name": "https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog", + "refsource": "MISC", + "url": "https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog" + }, + { + "name": "https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539", + "refsource": "MISC", + "url": "https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19355.json b/2018/19xxx/CVE-2018-19355.json index 94897c7ed6c..2bcbaad34b3 100644 --- a/2018/19xxx/CVE-2018-19355.json +++ b/2018/19xxx/CVE-2018-19355.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ia-informatica.com/it/CVE-2018-19355", - "refsource" : "MISC", - "url" : "https://ia-informatica.com/it/CVE-2018-19355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ia-informatica.com/it/CVE-2018-19355", + "refsource": "MISC", + "url": "https://ia-informatica.com/it/CVE-2018-19355" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19495.json b/2018/19xxx/CVE-2018-19495.json index d45223272f5..5b55aff0c81 100644 --- a/2018/19xxx/CVE-2018-19495.json +++ b/2018/19xxx/CVE-2018-19495.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19495", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19495", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19561.json b/2018/19xxx/CVE-2018-19561.json index 59b5e813d24..0ac5f076449 100644 --- a/2018/19xxx/CVE-2018-19561.json +++ b/2018/19xxx/CVE-2018-19561.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/chenfeizhou/sikcms-v1.1/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/chenfeizhou/sikcms-v1.1/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chenfeizhou/sikcms-v1.1/issues/1", + "refsource": "MISC", + "url": "https://github.com/chenfeizhou/sikcms-v1.1/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19674.json b/2018/19xxx/CVE-2018-19674.json index 39ac2794693..ffa581a91ab 100644 --- a/2018/19xxx/CVE-2018-19674.json +++ b/2018/19xxx/CVE-2018-19674.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19674", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19674", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1275.json b/2018/1xxx/CVE-2018-1275.json index 236c856d2bc..1f798df1482 100644 --- a/2018/1xxx/CVE-2018-1275.json +++ b/2018/1xxx/CVE-2018-1275.json @@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-04-09T00:00:00", - "ID" : "CVE-2018-1275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spring Framework", - "version" : { - "version_data" : [ - { - "version_value" : "Versions prior to 5.0.5 and 4.3.16" - } - ] - } - } - ] - }, - "vendor_name" : "Spring by Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-94 - Code Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-04-09T00:00:00", + "ID": "CVE-2018-1275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Framework", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 5.0.5 and 4.3.16" + } + ] + } + } + ] + }, + "vendor_name": "Spring by Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-1275", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-1275" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "RHSA-2018:1320", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1320" - }, - { - "name" : "RHSA-2018:2939", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2939" - }, - { - "name" : "103771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103771" - }, - { - "name" : "1041301", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 - Code Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041301", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041301" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "https://pivotal.io/security/cve-2018-1275", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-1275" + }, + { + "name": "RHSA-2018:2939", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2939" + }, + { + "name": "RHSA-2018:1320", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1320" + }, + { + "name": "103771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103771" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1549.json b/2018/1xxx/CVE-2018-1549.json index cad5e3e7b8e..7dc28d3e30d 100644 --- a/2018/1xxx/CVE-2018-1549.json +++ b/2018/1xxx/CVE-2018-1549.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-07-06T00:00:00", - "ID" : "CVE-2018-1549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-07-06T00:00:00", + "ID": "CVE-2018-1549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716607", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716607" - }, - { - "name" : "ibm-rqm-cve20181549-response-splitting(142658)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716607", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716607" + }, + { + "name": "ibm-rqm-cve20181549-response-splitting(142658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142658" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1892.json b/2018/1xxx/CVE-2018-1892.json index 39dd65e69e4..b7b026badc0 100644 --- a/2018/1xxx/CVE-2018-1892.json +++ b/2018/1xxx/CVE-2018-1892.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1892", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1892", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5740.json b/2018/5xxx/CVE-2018-5740.json index 370c48ac89c..695610862fc 100644 --- a/2018/5xxx/CVE-2018-5740.json +++ b/2018/5xxx/CVE-2018-5740.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-officer@isc.org", - "DATE_PUBLIC" : "2018-08-08T08:00:00.000Z", - "ID" : "CVE-2018-5740", - "STATE" : "PUBLIC", - "TITLE" : "A flaw in the \"deny-answer-aliases\" feature can cause an assertion failure in named" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIND 9", - "version" : { - "version_data" : [ - { - "version_name" : "BIND 9 ", - "version_value" : "9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2" - } - ] - } - } - ] - }, - "vendor_name" : "ISC" - } - ] - } - }, - "configuration" : [ - { - "lang" : "eng", - "value" : "Only servers which have explicitly enabled the \"deny-answer-aliases\" feature are at risk and disabling the feature prevents exploitation." - } - ], - "credit" : [ - { - "lang" : "eng", - "value" : "ISC would like to thank Tony Finch of the University of Cambridge for reporting this issue." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients." - }, - { - "lang" : "eng", - "value" : "Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients. Only servers which have explicitly enabled the \"deny-answer-aliases\" feature are at risk and disabling the feature prevents exploitation." - } + "CVE_data_meta": { + "ASSIGNER": "security-officer@isc.org", + "DATE_PUBLIC": "2018-08-08T08:00:00.000Z", + "ID": "CVE-2018-5740", + "STATE": "PUBLIC", + "TITLE": "A flaw in the \"deny-answer-aliases\" feature can cause an assertion failure in named" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIND 9", + "version": { + "version_data": [ + { + "version_name": "BIND 9 ", + "version_value": "9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2" + } + ] + } + } + ] + }, + "vendor_name": "ISC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180830 [SECURITY] [DLA 1485-1] bind9 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html" - }, - { - "name" : "https://kb.isc.org/docs/aa-01639", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/docs/aa-01639" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180926-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180926-0003/" - }, - { - "name" : "GLSA-201903-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-13" - }, - { - "name" : "RHSA-2018:2570", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2570" - }, - { - "name" : "RHSA-2018:2571", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2571" - }, - { - "name" : "USN-3769-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3769-1/" - }, - { - "name" : "USN-3769-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3769-2/" - }, - { - "name" : "105055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105055" - }, - { - "name" : "1041436", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041436" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Most operators will not need to make any changes unless they are using the \"deny-answer-aliases\" feature (which is described in the BIND 9 Adminstrator Reference Manual section 6.2.) \"deny-answer-aliases\" is off by default; only configurations which explicitly enable it can be affected by this defect.\n\nIf you are using \"deny-answer-aliases\", upgrade to the patched release most closely related to your current version of BIND.\n\n 9.9.13-P1\n 9.10.8-P1\n 9.11.4-P1\n 9.12.2-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n 9.11.3-S3\n" - } - ], - "source" : { - "discovery" : "EXTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "This vulnerability can be avoided by disabling the \"deny-answer-aliases\" feature if it is in use." - } - ] -} + } + }, + "configuration": [ + { + "lang": "eng", + "value": "Only servers which have explicitly enabled the \"deny-answer-aliases\" feature are at risk and disabling the feature prevents exploitation." + } + ], + "credit": [ + { + "lang": "eng", + "value": "ISC would like to thank Tony Finch of the University of Cambridge for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients." + }, + { + "lang": "eng", + "value": "Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients. Only servers which have explicitly enabled the \"deny-answer-aliases\" feature are at risk and disabling the feature prevents exploitation." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105055" + }, + { + "name": "[debian-lts-announce] 20180830 [SECURITY] [DLA 1485-1] bind9 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html" + }, + { + "name": "RHSA-2018:2570", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2570" + }, + { + "name": "RHSA-2018:2571", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2571" + }, + { + "name": "USN-3769-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3769-2/" + }, + { + "name": "1041436", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041436" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180926-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180926-0003/" + }, + { + "name": "https://kb.isc.org/docs/aa-01639", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/docs/aa-01639" + }, + { + "name": "USN-3769-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3769-1/" + }, + { + "name": "GLSA-201903-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-13" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Most operators will not need to make any changes unless they are using the \"deny-answer-aliases\" feature (which is described in the BIND 9 Adminstrator Reference Manual section 6.2.) \"deny-answer-aliases\" is off by default; only configurations which explicitly enable it can be affected by this defect.\n\nIf you are using \"deny-answer-aliases\", upgrade to the patched release most closely related to your current version of BIND.\n\n 9.9.13-P1\n 9.10.8-P1\n 9.11.4-P1\n 9.12.2-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n 9.11.3-S3\n" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "This vulnerability can be avoided by disabling the \"deny-answer-aliases\" feature if it is in use." + } + ] +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5887.json b/2018/5xxx/CVE-2018-5887.json index cd8f74bc7b0..dc0e456cf45 100644 --- a/2018/5xxx/CVE-2018-5887.json +++ b/2018/5xxx/CVE-2018-5887.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-05T00:00:00", - "ID" : "CVE-2018-5887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-06-05T00:00:00", + "ID": "CVE-2018-5887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5939.json b/2018/5xxx/CVE-2018-5939.json index b3091028f61..0721fd70cf7 100644 --- a/2018/5xxx/CVE-2018-5939.json +++ b/2018/5xxx/CVE-2018-5939.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5939", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5939", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file