diff --git a/2004/1xxx/CVE-2004-1340.json b/2004/1xxx/CVE-2004-1340.json
index ad113e8b9a0..2f74dc85eeb 100644
--- a/2004/1xxx/CVE-2004-1340.json
+++ b/2004/1xxx/CVE-2004-1340.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-659", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-659" - }, - { - "name" : "1013030", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013030" - }, - { - "name" : "14046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14046" - }, - { - "name" : "libpamradiusauth-insecure-permission(19087)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be 
world-readable, which allows local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013030", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013030" + }, + { + "name": "libpamradiusauth-insecure-permission(19087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19087" + }, + { + "name": "14046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14046" + }, + { + "name": "DSA-659", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-659" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1465.json b/2004/1xxx/CVE-2004-1465.json index 93e5b8f096b..92154a15ea5 100644 --- a/2004/1xxx/CVE-2004-1465.json +++ b/2004/1xxx/CVE-2004-1465.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040901 WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109416099301369&w=2" - }, - { - "name" : "http://www.winzip.com/wz90sr1.htm", - "refsource" : "CONFIRM", - "url" : "http://www.winzip.com/wz90sr1.htm" - }, - { - "name" : "O-211", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-211.shtml" - }, - { - "name" : "11092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11092" - }, - { - "name" : "1011132", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011132" - }, - { - "name" : "winzip-code-execution(17192)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17192" - }, - { - "name" : "winzip-command-line-bo(17197)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040901 WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109416099301369&w=2" + }, + { + "name": "winzip-command-line-bo(17197)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17197" + }, + { + "name": "11092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11092" + }, + { + "name": "winzip-code-execution(17192)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17192" + }, + { + "name": "http://www.winzip.com/wz90sr1.htm", + "refsource": "CONFIRM", + "url": "http://www.winzip.com/wz90sr1.htm" + }, + { + "name": "1011132", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011132" + }, + { + "name": "O-211", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-211.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1893.json b/2004/1xxx/CVE-2004-1893.json index aa43270d883..52a6b48c71c 100644 --- a/2004/1xxx/CVE-2004-1893.json +++ b/2004/1xxx/CVE-2004-1893.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dreamweaver MX, when \"Using Driver On Testing Server\" or \"Using DSN on Testing Server\" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nextgenss.com/advisories/dreamweaver.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/dreamweaver.txt" - }, - { - "name" : "20040403 [securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108102481929451&w=2" - }, - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html" - }, - { - "name" : "10036", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/10036" - }, - { - "name" : "11284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11284" - }, - { - "name" : "dreamweaver-test-script-sql-injection(15721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dreamweaver MX, when \"Using Driver On Testing Server\" or \"Using DSN on Testing Server\" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040403 [securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108102481929451&w=2" + }, + { + "name": "11284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11284" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html" + }, + { + "name": "10036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10036" + }, + { + "name": "dreamweaver-test-script-sql-injection(15721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15721" + }, + { + "name": "http://www.nextgenss.com/advisories/dreamweaver.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/dreamweaver.txt" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/1xxx/CVE-2004-1918.json b/2004/1xxx/CVE-2004-1918.json
index bbfba7c8eab..937e9905efd 100644
--- a/2004/1xxx/CVE-2004-1918.json
+++ b/2004/1xxx/CVE-2004-1918.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040409 DoS in Rsniff 1.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108152508004665&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/rsniff-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/rsniff-adv.txt" - }, - { - "name" : "10093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10093" - }, - { - "name" : "11339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11339" - }, - { - "name" : "rsniff-connection-dos(15823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/rsniff-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/rsniff-adv.txt" + }, + { + "name": "11339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11339" + }, + { + "name": "10093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10093" + }, + { + "name": "20040409 DoS in Rsniff 1.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108152508004665&w=2" + }, + { + "name": "rsniff-connection-dos(15823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15823" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1964.json b/2004/1xxx/CVE-2004-1964.json index 441bef1dca6..61ed9f56a6e 100644 --- a/2004/1xxx/CVE-2004-1964.json +++ b/2004/1xxx/CVE-2004-1964.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040423 [waraxe-2004-SA#024 - XSS and full path disclosure in Network Query Tool 1.6]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108276405108267&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=24", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=24" - }, - { - "name" : "10205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10205" - }, - { - "name" : "11479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11479" - }, - { - "name" : "nqt-nqtphp-xss(15929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=24", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=24" + }, + { + "name": "nqt-nqtphp-xss(15929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15929" + }, + { + "name": "20040423 [waraxe-2004-SA#024 - XSS and full path disclosure in Network Query Tool 1.6]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108276405108267&w=2" + }, + { + "name": "10205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10205" + }, + { + "name": "11479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11479" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0295.json b/2008/0xxx/CVE-2008-0295.json index 2b68eb3e3aa..c9ace98bce1 100644 --- a/2008/0xxx/CVE-2008-0295.json +++ b/2008/0xxx/CVE-2008-0295.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/vlcxhof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" - }, - { - "name" : "DSA-1543", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1543" - }, - { - "name" : "GLSA-200803-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" - }, - { - "name" : "27221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27221" - }, - { - "name" : "oval:org.mitre.oval:def:14776", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776" - }, - { - "name" : "ADV-2008-0105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0105" - }, - { - "name" : "28383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28383" - }, - { - "name" : "29284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29284" - }, - { - "name" : "29766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0105", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0105" + }, + { + "name": "29284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29284" + }, + { + "name": "DSA-1543", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1543" + }, + { + "name": "27221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27221" + }, + { + "name": "28383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28383" + }, + { + "name": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" + }, + { + "name": "oval:org.mitre.oval:def:14776", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776" + }, + { + "name": "29766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29766" + }, + { + "name": "GLSA-200803-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3448.json b/2008/3xxx/CVE-2008-3448.json index a4890273efd..c2a439c0d35 100644 --- a/2008/3xxx/CVE-2008-3448.json +++ b/2008/3xxx/CVE-2008-3448.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080731 [~] Greetz : Me93fg & Mr.SaFa7", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494971/100/0/threaded" - }, - { - "name" : "20080927 csphonebook 1.02 Remote XSS Vulnerabilitiy", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496788/100/0/threaded" - }, - { - "name" : "30485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30485" - }, - { - "name" : "31359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31359" - }, - { - "name" : "4102", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4102" - }, - { - "name" : "csphonebook-index-xss(44180)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30485" + }, + { + "name": "20080731 [~] Greetz : Me93fg & Mr.SaFa7", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494971/100/0/threaded" + }, + { + "name": "4102", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4102" + }, + { + "name": "31359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31359" + }, + { + "name": "csphonebook-index-xss(44180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44180" + }, + { + "name": "20080927 csphonebook 1.02 Remote XSS Vulnerabilitiy", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496788/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3470.json b/2008/3xxx/CVE-2008-3470.json index 2c60b71f06d..cac780605b6 100644 --- a/2008/3xxx/CVE-2008-3470.json +++ b/2008/3xxx/CVE-2008-3470.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3470", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-3470", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3486.json b/2008/3xxx/CVE-2008-3486.json index e634b6c315b..01164719cd4 100644 --- a/2008/3xxx/CVE-2008-3486.json +++ b/2008/3xxx/CVE-2008-3486.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6178", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6178" - }, - { - "name" : "30480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30480" - }, - { - "name" : "31295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31295" - }, - { - "name" : "4108", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4108" - }, - { - "name" : "coppermine-lang-file-include(44133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44133" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31295" + }, + { + "name": "4108", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4108" + }, + { + "name": "30480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30480" + }, + { + "name": "coppermine-lang-file-include(44133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44133" + }, + { + "name": "6178", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6178" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3495.json b/2008/3xxx/CVE-2008-3495.json index 89bc79b6319..012294770dd 100644 --- a/2008/3xxx/CVE-2008-3495.json +++ b/2008/3xxx/CVE-2008-3495.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30534.pl", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30534.pl" - }, - { - "name" : "30534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30534" - }, - { - "name" : "pcsheyportal-kategori-sql-injection(44213)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pcsheyportal-kategori-sql-injection(44213)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44213" + }, + { + "name": "30534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30534" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30534.pl", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30534.pl" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3781.json b/2008/3xxx/CVE-2008-3781.json index 983a624a012..56d19e46411 100644 --- a/2008/3xxx/CVE-2008-3781.json +++ b/2008/3xxx/CVE-2008-3781.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released", - "refsource" : "CONFIRM", - "url" : "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=621342&group_id=27707", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=621342&group_id=27707" - }, - { - "name" : "30812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30812" - }, - { - "name" : "31596", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31596" - }, - { - "name" : "gbrowse-unspecified-xss(44632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gbrowse-unspecified-xss(44632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632" + }, + { + "name": "30812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30812" + }, + { + "name": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released", + "refsource": "CONFIRM", + "url": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=621342&group_id=27707", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=621342&group_id=27707" + }, + { + "name": "31596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31596" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4128.json b/2008/4xxx/CVE-2008-4128.json index db9234a334a..5793ab7c1f2 100644 --- a/2008/4xxx/CVE-2008-4128.json +++ b/2008/4xxx/CVE-2008-4128.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain \"show privilege\" command to the /level/15/exec/- URI, and (2) a certain \"alias exec\" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6476", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6476" - }, - { - "name" : "6477", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6477" - }, - { - "name" : "http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html", - "refsource" : "MISC", - "url" : "http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html" - }, - { - "name" : "31218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31218" - }, 
- { - "name" : "cisco-router-csrf(45226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain \"show privilege\" command to the /level/15/exec/- URI, and (2) a certain \"alias exec\" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6476", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6476" + }, + { + "name": "cisco-router-csrf(45226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45226" + }, + { + "name": "http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html", + "refsource": "MISC", + "url": "http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html" + }, + { + "name": "6477", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6477" + }, + { + "name": "31218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31218" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4579.json b/2008/4xxx/CVE-2008-4579.json index 7ca393117f4..12799fc8ea0 100644 --- a/2008/4xxx/CVE-2008-4579.json +++ b/2008/4xxx/CVE-2008-4579.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=240576", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=240576" - }, - { - "name" : "[oss-security] 20081013 Re: CVE Request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/13/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=467386", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=467386" - }, - { - "name" : "FEDORA-2008-9042", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html" - }, - { - "name" : "RHSA-2011:0266", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0266.html" - }, - { - "name" : "RHSA-2009:1341", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1341.html" - }, - { - "name" : "USN-875-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-875-1" - }, - { - "name" : "31904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31904" - }, - { - "name" : "oval:org.mitre.oval:def:10799", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799" - }, - { - "name" : "32387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32387" - }, - { - "name" : "32390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32390" - }, - { - "name" : "43362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43362" - }, - { - "name" : "36530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36530" - }, - { - "name" : "ADV-2011-0419", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=240576", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=240576" + }, + { + "name": "RHSA-2009:1341", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1341.html" + }, + { + "name": "32390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32390" + }, + { + "name": "32387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32387" + }, + { + "name": "oval:org.mitre.oval:def:10799", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799" + }, + { + "name": "ADV-2011-0419", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0419" + }, + { + "name": "USN-875-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-875-1" + }, + { + "name": "31904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31904" + }, + { + "name": "[oss-security] 20081013 Re: CVE Request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/13/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=467386", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467386" + }, + { + "name": "36530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36530" + }, + { + "name": "FEDORA-2008-9042", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html" + }, + { + "name": "43362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43362" + }, + { + "name": "RHSA-2011:0266", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0266.html" + } + ] + } +} \ No newline at end of 
file diff --git a/2008/4xxx/CVE-2008-4809.json b/2008/4xxx/CVE-2008-4809.json index 7c8d09557c9..33cce180167 100644 --- a/2008/4xxx/CVE-2008-4809.json +++ b/2008/4xxx/CVE-2008-4809.json 
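Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in the CVE-2008-4579 hunk, but that provenance change is buried in a whole-file rewrite that also changes the key spacing (`" : "` to `": "`) and reorders the `reference_data` entries. The same pattern appears in the CVE-2013-2188 hunk (also to `secalert@redhat.com`) and the CVE-2013-2788 hunk (to `ics-cert@hq.dhs.gov`). Anyone auditing who is recorded as the assigning authority for a record has to read past about a hundred lines of formatting churn to find the one field that changed. I would land the reformat and the assigner updates as separate commits, and emit `reference_data` in a stable order so later diffs show only real content changes. The new side of every file here also ends with `\ No newline at end of file`, so the serializer should write a trailing newline.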
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to \"Active\" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014008", - "refsource" : "MISC", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014008" - }, - { - "name" : "31989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31989" - }, - { - "name" : "32466", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32466" - }, - { - "name" : "lotus-connections-active-unspecified(46217)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to \"Active\" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-connections-active-unspecified(46217)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46217" + }, + { + "name": "32466", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32466" + }, + { + "name": "31989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31989" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008", + "refsource": "MISC", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6243.json b/2008/6xxx/CVE-2008-6243.json index 9ca453ecb58..c513b88ae08 100644 --- a/2008/6xxx/CVE-2008-6243.json +++ b/2008/6xxx/CVE-2008-6243.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6903", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6903" - }, - { - "name" : "49546", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49546" - }, - { - "name" : "32536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32536" - }, - { - "name" : "hotscriptslikesite-software-sql-injection(46277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46277" - }, - { - "name" : "hotscriptslikesite-showcategory-sql-inject(48945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32536" + }, + { + "name": "hotscriptslikesite-software-sql-injection(46277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46277" + }, + { + "name": "6903", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6903" + }, + { + "name": "hotscriptslikesite-showcategory-sql-inject(48945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48945" + }, + { + "name": "49546", + "refsource": "OSVDB", + "url": "http://osvdb.org/49546" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6342.json b/2008/6xxx/CVE-2008-6342.json index cfbe114ffc9..09b2fa0da53 100644 --- a/2008/6xxx/CVE-2008-6342.json +++ b/2008/6xxx/CVE-2008-6342.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/" - }, - { - "name" : "33301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) 
extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33301" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/" + }, + { + "name": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6685.json b/2008/6xxx/CVE-2008-6685.json index 387679632a4..c3135ae62e9 100644 --- a/2008/6xxx/CVE-2008-6685.json +++ b/2008/6xxx/CVE-2008-6685.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/" - }, - { - "name" : "29837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29837" - }, - { - "name" : "46382", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29837" + }, + { + "name": "46382", + "refsource": "OSVDB", + "url": "http://osvdb.org/46382" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2188.json b/2013/2xxx/CVE-2013-2188.json index 3687addeb8b..505a6e0cd7e 100644 --- a/2013/2xxx/CVE-2013-2188.json +++ b/2013/2xxx/CVE-2013-2188.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service (system crash) by leveraging access to a filesystem that is mounted read-only." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975406", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial 
of service (system crash) by leveraging access to a filesystem that is mounted read-only." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975406", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975406" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2788.json b/2013/2xxx/CVE-2013-2788.json index d273206a45c..84309541f92 100644 --- a/2013/2xxx/CVE-2013-2788.json +++ b/2013/2xxx/CVE-2013-2788.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-252-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-252-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-252-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-252-01" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2806.json b/2013/2xxx/CVE-2013-2806.json index df33da2d7a4..6136ef9721e 100644 --- a/2013/2xxx/CVE-2013-2806.json +++ b/2013/2xxx/CVE-2013-2806.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2806", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2806", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2889.json b/2013/2xxx/CVE-2013-2889.json index dc99322363f..09ffee03b45 100644 --- a/2013/2xxx/CVE-2013-2889.json +++ b/2013/2xxx/CVE-2013-2889.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-input] 20130828 [PATCH 03/14] HID: zeroplus: validate output report details", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-input&m=137772182014614&w=1" - }, - { - "name" : "[oss-security] 20130828 Linux HID security flaws", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/08/28/13" - }, - { - "name" : "RHSA-2013:1645", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1645.html" - }, - { - "name" : "USN-2019-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2019-1" - }, - { - "name" : "USN-2020-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2020-1" - }, - { - "name" : "USN-2021-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2021-1" - }, - { - "name" : "USN-2022-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2022-1" - }, - { - "name" : "USN-2023-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2023-1" - }, - { - "name" : "USN-2024-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2024-1" - }, - { - "name" : "USN-2038-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2038-1" - }, - { - "name" : "USN-2039-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2039-1" - }, - { - "name" : "USN-2050-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2050-1" - }, - { - "name" : "USN-2015-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2015-1" - }, - { - "name" : "USN-2016-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2016-1" - }, - { - "name" : "62042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2015-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2015-1" + }, + { + "name": "USN-2024-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2024-1" + }, + { + "name": "USN-2039-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2039-1" + }, + { + "name": "USN-2022-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2022-1" + }, + { + "name": "[oss-security] 20130828 Linux HID security flaws", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/08/28/13" + }, + { + "name": "RHSA-2013:1645", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html" + }, + { + "name": "USN-2016-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2016-1" + }, + { + "name": "USN-2038-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2038-1" + }, + { + "name": "USN-2020-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2020-1" + }, + { + "name": "USN-2021-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2021-1" + }, + { + "name": "USN-2019-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2019-1" + }, + { + "name": "62042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62042" + }, + { + "name": "[linux-input] 20130828 [PATCH 03/14] HID: zeroplus: validate output report details", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-input&m=137772182014614&w=1" + }, + { + "name": "USN-2023-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2023-1" + }, + { + "name": "USN-2050-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2050-1" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/6xxx/CVE-2013-6106.json b/2013/6xxx/CVE-2013-6106.json
index cba09392d92..f5673784583 100644
--- a/2013/6xxx/CVE-2013-6106.json
+++ b/2013/6xxx/CVE-2013-6106.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6106",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-6106",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6197.json b/2013/6xxx/CVE-2013-6197.json
index 2b50e5f0863..edbf5d3f7b3 100644
--- a/2013/6xxx/CVE-2013-6197.json
+++ b/2013/6xxx/CVE-2013-6197.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-6197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02959", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075" - }, - { - "name" : "SSRT101405", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075" - }, - { - "name" : "1029541", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029541" - }, - { - "name" : "hp-service-manager-cve20136197-code-exec(89974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101405", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075" + }, + { + "name": "1029541", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029541" + }, + { + "name": "HPSBMU02959", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075" + }, + { + "name": "hp-service-manager-cve20136197-code-exec(89974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89974" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6263.json b/2013/6xxx/CVE-2013-6263.json index 273e226b164..2f3033cbb80 100644 --- a/2013/6xxx/CVE-2013-6263.json +++ b/2013/6xxx/CVE-2013-6263.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6263",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-6263",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6810.json b/2013/6xxx/CVE-2013-6810.json
index e8daa18bf7b..360d29d086c 100644
--- a/2013/6xxx/CVE-2013-6810.json
+++ b/2013/6xxx/CVE-2013-6810.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131211 ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html" - }, - { - "name" : "42701", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42701/" - }, - { - "name" : "42702", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42702/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-13-283/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-13-283/" - }, - { - "name" : 
"HPSBHF02953", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138723620521347&w=2" - }, - { - "name" : "20140129 CVE-2013-6810 / EMC / HP issue is actually Brocade", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2014-January/002755.html" - }, - { - "name" : "1029485", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029485" - }, - { - "name" : "56143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56143" - }, - { - "name" : "connectrix-manager-directory-traversal(90728)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42702", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42702/" + }, + { + "name": "1029485", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029485" + }, + { + "name": "20140129 CVE-2013-6810 / EMC / HP issue is actually Brocade", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2014-January/002755.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-13-283/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-283/" + }, + { + "name": "20131211 ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html" + }, + { + "name": "HPSBHF02953", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138723620521347&w=2" + }, + { + "name": "42701", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42701/" + }, + { + "name": "connectrix-manager-directory-traversal(90728)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90728" + }, + { + "name": "56143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56143" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10216.json b/2017/10xxx/CVE-2017-10216.json index 37a08234e42..06ab8d81dda 100644 --- a/2017/10xxx/CVE-2017-10216.json +++ b/2017/10xxx/CVE-2017-10216.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Suite8 Property Interfaces", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.10.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Property Interfaces accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Property Interfaces accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Suite8 Property Interfaces", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.10.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99654" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Property Interfaces accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Property Interfaces. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Property Interfaces accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99654" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10564.json b/2017/10xxx/CVE-2017-10564.json index 2e703201157..1f1e6bfb134 100644 --- a/2017/10xxx/CVE-2017-10564.json +++ b/2017/10xxx/CVE-2017-10564.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10564", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10564", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/14xxx/CVE-2017-14034.json b/2017/14xxx/CVE-2017-14034.json
index 878314ebd90..7700d662569 100644
--- a/2017/14xxx/CVE-2017-14034.json
+++ b/2017/14xxx/CVE-2017-14034.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ebel34/bpg-web-encoder/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/ebel34/bpg-web-encoder/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ebel34/bpg-web-encoder/issues/1", + "refsource": "MISC", + "url": "https://github.com/ebel34/bpg-web-encoder/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14578.json b/2017/14xxx/CVE-2017-14578.json index 490bd81d023..092074e27f8 100644 --- a/2017/14xxx/CVE-2017-14578.json +++ b/2017/14xxx/CVE-2017-14578.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14578", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14578" - }, - { - "name" : "http://www.irfanview.net/main_history.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.net/main_history.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to 
\"Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irfanview.net/main_history.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.net/main_history.htm" + }, + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14578", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14578" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14697.json b/2017/14xxx/CVE-2017-14697.json index b8c8c183596..24adfe520a4 100644 --- a/2017/14xxx/CVE-2017-14697.json +++ b/2017/14xxx/CVE-2017-14697.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14697", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14697", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/14xxx/CVE-2017-14972.json b/2017/14xxx/CVE-2017-14972.json
index c4c40a1b296..c1630fe463b 100644
--- a/2017/14xxx/CVE-2017-14972.json
+++ b/2017/14xxx/CVE-2017-14972.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20<%202.2.08%20-%20CVE-2017-14972", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20<%202.2.08%20-%20CVE-2017-14972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20<%202.2.08%20-%20CVE-2017-14972", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20<%202.2.08%20-%20CVE-2017-14972" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15283.json b/2017/15xxx/CVE-2017-15283.json index 6a462c3671f..2aa9637a280 100644 --- a/2017/15xxx/CVE-2017-15283.json +++ b/2017/15xxx/CVE-2017-15283.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15283", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15283", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15483.json b/2017/15xxx/CVE-2017-15483.json index e06f4e886e7..79215631736 100644 --- a/2017/15xxx/CVE-2017-15483.json +++ b/2017/15xxx/CVE-2017-15483.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15483", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15483", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15662.json b/2017/15xxx/CVE-2017-15662.json index 894a3a5a6ca..67dd9045ecb 100644 --- a/2017/15xxx/CVE-2017-15662.json +++ b/2017/15xxx/CVE-2017-15662.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43451", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43451/" - }, - { - "name" : "http://packetstormsecurity.com/files/145764/VX-Search-Enterprise-10.1.12-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145764/VX-Search-Enterprise-10.1.12-Denial-Of-Service.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/145764/VX-Search-Enterprise-10.1.12-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145764/VX-Search-Enterprise-10.1.12-Denial-Of-Service.html" + }, + { + "name": "43451", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43451/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15690.json b/2017/15xxx/CVE-2017-15690.json index 231f1b4b343..b165e8543df 100644 --- a/2017/15xxx/CVE-2017-15690.json +++ b/2017/15xxx/CVE-2017-15690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15946.json b/2017/15xxx/CVE-2017-15946.json index 34f92a8e35f..f6851cccdcc 100644 --- a/2017/15xxx/CVE-2017-15946.json 
+++ b/2017/15xxx/CVE-2017-15946.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=2061", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=2061" - }, - { - "name" : "101942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101942" + }, + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=2061", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=2061" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15973.json b/2017/15xxx/CVE-2017-15973.json index 87cc30a5688..34084727be2 100644 --- a/2017/15xxx/CVE-2017-15973.json +++ b/2017/15xxx/CVE-2017-15973.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43086", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43086/" - }, - { - "name" : "https://packetstormsecurity.com/files/144443/Sokial-Social-Network-Script-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144443/Sokial-Social-Network-Script-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/144443/Sokial-Social-Network-Script-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144443/Sokial-Social-Network-Script-1.0-SQL-Injection.html" + }, + { + "name": "43086", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43086/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9512.json b/2017/9xxx/CVE-2017-9512.json index 8c74b0d44b0..c530f82e1e1 100644 --- a/2017/9xxx/CVE-2017-9512.json +++ b/2017/9xxx/CVE-2017-9512.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-07-17T00:00:00", - "ID" : "CVE-2017-9512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlassian FishEye and Crucible", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-07-17T00:00:00", + "ID": "CVE-2017-9512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlassian FishEye and Crucible", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8053", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/CRUC-8053" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-6892", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/FE-6892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CRUC-8053", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/CRUC-8053" + }, + { + "name": "https://jira.atlassian.com/browse/FE-6892", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/FE-6892" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9754.json b/2017/9xxx/CVE-2017-9754.json index c55eae6b04e..8915be9de2a 100644 --- a/2017/9xxx/CVE-2017-9754.json +++ b/2017/9xxx/CVE-2017-9754.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21591", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - }, - { - "name" : "99125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) 
library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21591", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" + }, + { + "name": "99125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99125" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9906.json b/2017/9xxx/CVE-2017-9906.json index eddaae0f902..e7a5795a0ff 100644 --- a/2017/9xxx/CVE-2017-9906.json +++ b/2017/9xxx/CVE-2017-9906.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent 
Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0081.json b/2018/0xxx/CVE-2018-0081.json index afdfbf9a60a..6343b427326 100644 --- a/2018/0xxx/CVE-2018-0081.json +++ b/2018/0xxx/CVE-2018-0081.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0081", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0081", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0352.json b/2018/0xxx/CVE-2018-0352.json index 3725c78652d..0438c79b62d 100644 --- a/2018/0xxx/CVE-2018-0352.json +++ b/2018/0xxx/CVE-2018-0352.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wide Area Application Services unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Wide Area Application Services unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wide Area Application Services unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Wide Area Application Services unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation" - }, - { - "name" : "104464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104464" - }, - { - "name" : "1041077", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104464" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation" + }, + { + "name": "1041077", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041077" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0545.json b/2018/0xxx/CVE-2018-0545.json index 8366ad08eae..1799e113f8e 100644 --- a/2018/0xxx/CVE-2018-0545.json +++ b/2018/0xxx/CVE-2018-0545.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LXR", - "version" : { - "version_data" : [ - { - "version_value" : "version 1.0.0 to 2.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "LXR Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LXR", + "version": { + "version_data": [ + { + "version_value": "version 1.0.0 to 2.3.0" + } + ] + } + } + ] + }, + "vendor_name": "LXR Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lxr.sourceforge.net/en/bugsandlimits.php", - "refsource" : "CONFIRM", - "url" : "http://lxr.sourceforge.net/en/bugsandlimits.php" - }, - { - "name" : "JVN#72589538", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN72589538/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#72589538", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN72589538/index.html" + }, + { + "name": "http://lxr.sourceforge.net/en/bugsandlimits.php", + "refsource": "CONFIRM", + "url": "http://lxr.sourceforge.net/en/bugsandlimits.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0822.json b/2018/0xxx/CVE-2018-0822.json index 0c339bfeb3a..7e192b8097d 100644 --- a/2018/0xxx/CVE-2018-0822.json +++ b/2018/0xxx/CVE-2018-0822.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2018-0822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NTFS", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka \"Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Important" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2018-0822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NTFS", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44147", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44147/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822" - }, - { - "name" 
: "102942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102942" - }, - { - "name" : "1040378", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka \"Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Important" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102942" + }, + { + "name": "44147", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44147/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822" + }, + { + "name": "1040378", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040378" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000140.json b/2018/1000xxx/CVE-2018-1000140.json index 5c3e1779c0f..ca85109314b 100644 --- a/2018/1000xxx/CVE-2018-1000140.json +++ b/2018/1000xxx/CVE-2018-1000140.json 
@@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "3/20/2018 10:38:48", - "ID" : "CVE-2018-1000140", - "REQUESTER" : "kev@semmle.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "librelp", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.14 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "rsyslog" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "3/20/2018 10:38:48", + "ID": "CVE-2018-1000140", + "REQUESTER": "kev@semmle.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205", - "refsource" : "MISC", - "url" : "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205" - }, - { - "name" : "https://lgtm.com/rules/1505913226124/", - "refsource" : "MISC", - "url" : "https://lgtm.com/rules/1505913226124/" - }, - { - "name" : 
"DSA-4151", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4151" - }, - { - "name" : "GLSA-201804-21", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-21" - }, - { - "name" : "RHSA-2018:1223", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1223" - }, - { - "name" : "RHSA-2018:1225", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1225" - }, - { - "name" : "RHSA-2018:1701", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1701" - }, - { - "name" : "RHSA-2018:1702", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1702" - }, - { - "name" : "RHSA-2018:1703", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1703" - }, - { - "name" : "RHSA-2018:1704", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1704" - }, - { - "name" : "RHSA-2018:1707", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1707" - }, - { - "name" : "USN-3612-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3612-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3612-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3612-1/" + }, + { + "name": "GLSA-201804-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-21" + }, + { + "name": "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205", + "refsource": "MISC", + "url": "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205" + }, + { + "name": "RHSA-2018:1703", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1703" + }, + { + "name": "RHSA-2018:1704", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1704" + }, + { + "name": "RHSA-2018:1702", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1702" + }, + { + "name": "RHSA-2018:1225", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1225" + }, + { + "name": "RHSA-2018:1707", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1707" + }, + { + "name": "https://lgtm.com/rules/1505913226124/", + "refsource": "MISC", + "url": "https://lgtm.com/rules/1505913226124/" + }, + { + "name": "RHSA-2018:1223", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1223" + }, + { + "name": "DSA-4151", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4151" + }, + { + "name": "RHSA-2018:1701", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1701" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000216.json b/2018/1000xxx/CVE-2018-1000216.json index 4ecbcd4fb1a..fca8be57868 100644 --- a/2018/1000xxx/CVE-2018-1000216.json +++ b/2018/1000xxx/CVE-2018-1000216.json 
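Review bot: The new side of this CVE-2018-1000140 hunk replaces the structured `affects` values (`"product_name": "librelp"`, `"vendor_name": "rsyslog"`, `"version_value": "1.2.14 and earlier"`) and the `problemtype` value `"Buffer Overflow"` with `"n/a"`, and changes `ASSIGNER` from `kurt@seifried.org` to `cve@mitre.org`, although the rest of the hunk reads as a whitespace reformat. After this change the product, version range and weakness class survive only in the free-text description, so tooling that matches on the structured fields will no longer associate the record with librelp. I would keep the old values on the new side, i.e. `"product_name": "librelp"`, `"vendor_name": "rsyslog"` and `"value": "Buffer Overflow"`. The same loss appears in the CVE-2018-1000216 (cJSON, `CWE-415: Double Free`), CVE-2018-1000633 (OMERO.web) and CVE-2018-1000800 (zephyr-rtos) hunks that follow. If the assigner change is intentional, it should be stated in the commit message rather than folded into a formatting pass.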
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-02T16:41:53.506666", - "DATE_REQUESTED" : "2018-07-23T16:43:09", - "ID" : "CVE-2018-1000216", - "REQUESTER" : "secure@veritas.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cJSON", - "version" : { - "version_data" : [ - { - "version_value" : "1.7.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Dave Gamble" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-415: Double Free" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-02T16:41:53.506666", + "DATE_REQUESTED": "2018-07-23T16:43:09", + "ID": "CVE-2018-1000216", + "REQUESTER": "secure@veritas.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/DaveGamble/cJSON/issues/241", - "refsource" : "CONFIRM", - "url" : "https://github.com/DaveGamble/cJSON/issues/241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/DaveGamble/cJSON/issues/241", + "refsource": "CONFIRM", + "url": "https://github.com/DaveGamble/cJSON/issues/241" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000633.json b/2018/1000xxx/CVE-2018-1000633.json index c4e1b9dc67f..d7720e9c433 100644 --- a/2018/1000xxx/CVE-2018-1000633.json +++ b/2018/1000xxx/CVE-2018-1000633.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-19T17:09:33.116818", - "DATE_REQUESTED" : "2018-07-31T15:32:58", - "ID" : "CVE-2018-1000633", - "REQUESTER" : "m.t.b.carroll@dundee.ac.uk", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OMERO.web", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 5.4.7" - } - ] - } - } - ] - }, - "vendor_name" : "The Open Microscopy Environment" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Through Log Files" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-19T17:09:33.116818", + "DATE_REQUESTED": "2018-07-31T15:32:58", + "ID": "CVE-2018-1000633", + "REQUESTER": "m.t.b.carroll@dundee.ac.uk", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html", - "refsource" : "CONFIRM", - "url" : "http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html" - }, - { - "name" : "http://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/", - "refsource" : "CONFIRM", - "url" : "http://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html", + "refsource": "CONFIRM", + "url": "http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html" + }, + { + "name": "http://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/", + "refsource": "CONFIRM", + "url": "http://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000800.json b/2018/1000xxx/CVE-2018-1000800.json index 0faa4cb5707..019678c374b 100644 --- a/2018/1000xxx/CVE-2018-1000800.json +++ b/2018/1000xxx/CVE-2018-1000800.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-09-03T16:07:16.971905", - "DATE_REQUESTED" : "2018-08-20T17:57:40", - "ID" : "CVE-2018-1000800", - "REQUESTER" : "situlingyun@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "zephyr-rtos", - "version" : { - "version_data" : [ - { - "version_value" : "1.12.0" - } - ] - } - } - ] - }, - "vendor_name" : "zephyr-rtos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "NULL base pointer reference" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-09-03T16:07:16.971905", + "DATE_REQUESTED": "2018-08-20T17:57:40", + "ID": "CVE-2018-1000800", + "REQUESTER": "situlingyun@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zephyrproject-rtos/zephyr/issues/7638", - "refsource" : "CONFIRM", - "url" : "https://github.com/zephyrproject-rtos/zephyr/issues/7638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zephyrproject-rtos/zephyr/issues/7638", + "refsource": "CONFIRM", + "url": "https://github.com/zephyrproject-rtos/zephyr/issues/7638" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12022.json b/2018/12xxx/CVE-2018-12022.json index cd8ded89d7d..2eb278855db 100644 --- a/2018/12xxx/CVE-2018-12022.json +++ b/2018/12xxx/CVE-2018-12022.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12022", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
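Review bot: The `affects` block added here for CVE-2018-12022 sets `product_name`, `vendor_name` and `version_value` to `"n/a"`, while the description added in the next hunk names FasterXML jackson-databind and the fixed releases 2.7.9.4, 2.8.11.2 and 2.9.6. Consumers that match advisories on the structured fields would miss this record, so consider `"vendor_name": "FasterXML"` and `"product_name": "jackson-databind"`, with the version bounds from the description carried in `version_value`. The `problemtype` value in the next hunk is likewise `"n/a"`.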
@@ -11,7 +34,53 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/" + }, + { + "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf", + "refsource": "MISC", + "name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FasterXML/jackson-databind/issues/2052", + "url": "https://github.com/FasterXML/jackson-databind/issues/2052" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a", + "url": 
"https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" } ] } diff --git a/2018/12xxx/CVE-2018-12984.json b/2018/12xxx/CVE-2018-12984.json index fe2803f4848..afb57201aca 100644 --- a/2018/12xxx/CVE-2018-12984.json +++ b/2018/12xxx/CVE-2018-12984.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hycus CMS 1.0.4 allows Authentication Bypass via \"'=' 'OR'\" credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44954", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44954/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hycus CMS 1.0.4 allows Authentication Bypass via \"'=' 'OR'\" credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44954", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44954/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16039.json b/2018/16xxx/CVE-2018-16039.json index 21489272e5c..685952eb7f8 100644 --- a/2018/16xxx/CVE-2018-16039.json 
+++ b/2018/16xxx/CVE-2018-16039.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106164" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16277.json b/2018/16xxx/CVE-2018-16277.json index 946546aae4d..71e370e58f7 100644 --- a/2018/16xxx/CVE-2018-16277.json +++ b/2018/16xxx/CVE-2018-16277.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Image Import function in XWiki through 10.7 has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://mksec.tk/index.php/2018/09/27/cve-2018-16277-xss-in-xwiki/", - "refsource" : "MISC", - "url" : "https://mksec.tk/index.php/2018/09/27/cve-2018-16277-xss-in-xwiki/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Image Import function in XWiki through 10.7 has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://mksec.tk/index.php/2018/09/27/cve-2018-16277-xss-in-xwiki/", + "refsource": "MISC", + "url": "https://mksec.tk/index.php/2018/09/27/cve-2018-16277-xss-in-xwiki/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/16xxx/CVE-2018-16573.json b/2018/16xxx/CVE-2018-16573.json index 2a3a3490d7e..4929d30fe2a 100644 --- a/2018/16xxx/CVE-2018-16573.json +++ b/2018/16xxx/CVE-2018-16573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16649.json b/2018/16xxx/CVE-2018-16649.json index eb797333b63..58e4380251b 100644 --- a/2018/16xxx/CVE-2018-16649.json +++ b/2018/16xxx/CVE-2018-16649.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16649", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16649", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4113.json b/2018/4xxx/CVE-2018-4113.json index b57d63c1644..e985f5535a7 100644 --- a/2018/4xxx/CVE-2018-4113.json +++ b/2018/4xxx/CVE-2018-4113.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the \"WebKit\" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "https://support.apple.com/HT208694", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208694" - }, - { - "name" : "https://support.apple.com/HT208695", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208695" - }, - { - "name" : "https://support.apple.com/HT208696", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT208696" - }, - { - "name" : "https://support.apple.com/HT208697", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208697" - }, - { - "name" : "https://support.apple.com/HT208698", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208698" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - }, - { - "name" : "USN-3635-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3635-1/" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the \"WebKit\" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "https://support.apple.com/HT208698", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208698" + }, + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "https://support.apple.com/HT208696", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208696" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "https://support.apple.com/HT208694", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208694" + }, + { + "name": "https://support.apple.com/HT208697", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208697" + }, + { + "name": "USN-3635-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3635-1/" + }, + { + "name": "https://support.apple.com/HT208695", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208695" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4400.json b/2018/4xxx/CVE-2018-4400.json index 49601deb5c1..4a6c1709440 100644 --- a/2018/4xxx/CVE-2018-4400.json +++ b/2018/4xxx/CVE-2018-4400.json 
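Review bot: The `reference_data` array on the new side is reordered into no recognisable order (it now starts with SECTRACK `1040604` and ends with `https://support.apple.com/HT208695`), while the rest of the hunk only changes `"key" : ` spacing to `"key": `. The nine entries appear to be the same set as before, but because the shuffle is mixed into a bulk whitespace reformat, anyone checking that no advisory link was dropped or altered has to compare the two sets by hand. I would have the serializer keep the existing order, or emit the array sorted by a stable key such as `url`, so that later changes to a record's references show up as minimal diffs. The new file also ends without a trailing newline (`\ No newline at end of file`), as do the other files in this commit; ending with `}` plus a newline keeps future patches clean.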
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4400", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4400", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4581.json b/2018/4xxx/CVE-2018-4581.json index 70d1d043780..545b6c652c8 100644 --- a/2018/4xxx/CVE-2018-4581.json +++ b/2018/4xxx/CVE-2018-4581.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4581", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4581", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4665.json b/2018/4xxx/CVE-2018-4665.json index c8e759b70d3..8397f3061ab 100644 --- a/2018/4xxx/CVE-2018-4665.json +++ b/2018/4xxx/CVE-2018-4665.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4665", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4665", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4838.json b/2018/4xxx/CVE-2018-4838.json index dfd498c01f2..98259833e82 100644 --- a/2018/4xxx/CVE-2018-4838.json +++ b/2018/4xxx/CVE-2018-4838.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-03-08T00:00:00", - "ID" : "CVE-2018-4838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EN100 Ethernet module IEC 61850 variant, EN100 Ethernet module PROFINET IO variant, EN100 Ethernet module Modbus TCP variant, EN100 Ethernet module DNP3 variant, EN100 Ethernet module IEC 104 variant=", - "version" : { - "version_data" : [ - { - "version_value" : "EN100 Ethernet module IEC 61850 variant : All versions < V4.30" - }, - { - "version_value" : "EN100 Ethernet module PROFINET IO variant : All versions" - }, - { - "version_value" : "EN100 Ethernet module Modbus TCP variant : All versions" - }, - { - "version_value" : "EN100 Ethernet module DNP3 variant : All versions" - }, - { - "version_value" : "EN100 Ethernet module IEC 104 variant : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in Siemens EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306: Missing Authentication for Critical Function" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-03-08T00:00:00", + "ID": "CVE-2018-4838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EN100 Ethernet module IEC 61850 variant, EN100 Ethernet module PROFINET IO variant, EN100 Ethernet module Modbus TCP variant, EN100 Ethernet module DNP3 variant, EN100 Ethernet module IEC 104 variant=", + "version": { + "version_data": [ + { + "version_value": "EN100 Ethernet module IEC 61850 variant : All versions < V4.30" + }, + { + "version_value": "EN100 Ethernet module PROFINET IO variant : All versions" + }, + { + "version_value": "EN100 Ethernet module Modbus TCP variant : All versions" + }, + { + "version_value": "EN100 Ethernet module DNP3 variant : All versions" + }, + { + "version_value": "EN100 Ethernet module IEC 104 variant : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf" - }, - { - "name" : "103379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Siemens EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All 
versions). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf" + }, + { + "name": "103379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103379" + } + ] + } +} \ No newline at end of file