diff --git a/2004/1xxx/CVE-2004-1387.json b/2004/1xxx/CVE-2004-1387.json index 748f04e5e9f..1632c59c50b 100644 --- a/2004/1xxx/CVE-2004-1387.json +++ b/2004/1xxx/CVE-2004-1387.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-apache] 20050119 Bug#290974: marked as done (apache: Temporary usage bugs that can be used in symlink attacks)", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-apache/2005/01/msg00076.html" - }, - { - "name" : "USN-65-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/65-1/" - }, - { - "name" : "13925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13925" - }, - { - "name" : "apache-checkforensic-symlink(18993)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apache-checkforensic-symlink(18993)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18993" + }, + { + "name": "13925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13925" + }, + { + "name": "[debian-apache] 20050119 Bug#290974: marked as done (apache: Temporary usage bugs that can be used in symlink attacks)", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-apache/2005/01/msg00076.html" + }, + { + "name": "USN-65-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/65-1/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1388.json b/2004/1xxx/CVE-2004-1388.json index bcc5b2c8b75..a80fac46bb4 100644 --- a/2004/1xxx/CVE-2004-1388.json +++ b/2004/1xxx/CVE-2004-1388.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050126 DMA[2005-0125a] - 'berlios gpsd format string vulnerability'", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110677341711505&w=2" - }, - { - "name" : "http://www.digitalmunition.com/DMA%5B2005-0125a%5D.txt", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/DMA%5B2005-0125a%5D.txt" - }, - { - "name" : "[Gpsd-announce] 20050127 Announcing release 2.8 of gpsd", - "refsource" : "MLIST", - "url" : "http://lists.berlios.de/pipermail/gpsd-announce/2005-January/000018.html" - }, - { - "name" : "http://www.mail-archive.com/debian-bugs-closed@lists.debian.org/msg02103.html", - "refsource" : "CONFIRM", - "url" : "http://www.mail-archive.com/debian-bugs-closed@lists.debian.org/msg02103.html" - }, - { - "name" : "gpsd-format-string(19079)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Gpsd-announce] 20050127 Announcing release 2.8 of gpsd", + "refsource": "MLIST", + "url": "http://lists.berlios.de/pipermail/gpsd-announce/2005-January/000018.html" + }, + { + "name": "http://www.digitalmunition.com/DMA%5B2005-0125a%5D.txt", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/DMA%5B2005-0125a%5D.txt" + }, + { + "name": "gpsd-format-string(19079)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19079" + }, + { + "name": "20050126 DMA[2005-0125a] - 'berlios gpsd format string vulnerability'", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110677341711505&w=2" + }, + { + "name": "http://www.mail-archive.com/debian-bugs-closed@lists.debian.org/msg02103.html", + "refsource": "CONFIRM", + "url": "http://www.mail-archive.com/debian-bugs-closed@lists.debian.org/msg02103.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1793.json b/2004/1xxx/CVE-2004-1793.json index d62f25a6179..5c3c583b928 100644 --- a/2004/1xxx/CVE-2004-1793.json +++ b/2004/1xxx/CVE-2004-1793.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040102 Switch Off Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/348693" - }, - { - "name" : "http://www.elitehaven.net/switchoff.txt", - "refsource" : "MISC", - "url" : "http://www.elitehaven.net/switchoff.txt" - }, - { - "name" : "9340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9340" - }, - { - "name" : "3309", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3309" - }, - { - "name" : "1008581", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008581" - }, - { - "name" : "10521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10521" - }, - { - "name" : "switch-off-swnet-bo(14124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9340" + }, + { + "name": "switch-off-swnet-bo(14124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14124" + }, + { + "name": "3309", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3309" + }, + { + "name": "http://www.elitehaven.net/switchoff.txt", + "refsource": "MISC", + "url": "http://www.elitehaven.net/switchoff.txt" + }, + { + "name": "20040102 Switch Off Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/348693" + }, + { + "name": "1008581", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008581" + }, + { + "name": "10521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10521" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1987.json b/2004/1xxx/CVE-2004-1987.json index 3282e7dcbed..2a7ef501a0f 100644 --- a/2004/1xxx/CVE-2004-1987.json +++ b/2004/1xxx/CVE-2004-1987.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108360247732014&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=26", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=26" - }, - { - "name" : "10253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10253" - }, - { - "name" : "5759", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5759" - }, - { - "name" : "1010001", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010001" - }, - { - "name" : "11524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11524" - }, - { - "name" : "coppermine-parameters-execute-commands(16043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=26", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=26" + }, + { + "name": "1010001", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010001" + }, + { + "name": "5759", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5759" + }, + { + "name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108360247732014&w=2" + }, + { + "name": "10253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10253" + }, + { + "name": "coppermine-parameters-execute-commands(16043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16043" + }, + { + "name": "11524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11524" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0621.json b/2008/0xxx/CVE-2008-0621.json index c3bb3b48f0d..a6a2141b757 100644 --- a/2008/0xxx/CVE-2008-0621.json +++ b/2008/0xxx/CVE-2008-0621.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080204 Multiple vulnerabilities in SAPlpd 6.28", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487508/100/0/threaded" - }, - { - "name" : "20080205 Re: Multiple vulnerabilities in SAPlpd 6.28", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487575/100/0/threaded" - }, - { - "name" : "5079", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5079" - }, - { - "name" : "27613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27613" - }, - { - "name" : "ADV-2008-0409", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0409" - }, - { - "name" : "ADV-2008-0438", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0438" - }, - { - "name" : "1019300", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019300" - }, - { - "name" : "28786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28786" - }, - { - "name" : "28811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28811" - }, - { - "name" : "3619", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28786" + }, + { + "name": "20080205 Re: Multiple vulnerabilities in SAPlpd 6.28", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487575/100/0/threaded" + }, + { + "name": "ADV-2008-0409", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0409" + }, + { + "name": "1019300", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019300" + }, + { + "name": "3619", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3619" + }, + { + "name": "20080204 Multiple vulnerabilities in SAPlpd 6.28", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487508/100/0/threaded" + }, + { + "name": "ADV-2008-0438", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0438" + }, + { + "name": "28811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28811" + }, + { + "name": "27613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27613" + }, + { + "name": "5079", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5079" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0944.json b/2008/0xxx/CVE-2008-0944.json index 0dfd0fe7c58..567ad627e3c 100644 --- a/2008/0xxx/CVE-2008-0944.json +++ b/2008/0xxx/CVE-2008-0944.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487748/100/200/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/ipsimene-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/ipsimene-adv.txt" - }, - { - "name" : "27677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27677" - }, - { - "name" : "28824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28824" - }, - { - "name" : "3697", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/ipsimene-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt" + }, + { + "name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded" + }, + { + "name": "27677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27677" + }, + { + "name": "3697", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3697" + }, + { + "name": "28824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28824" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3014.json b/2008/3xxx/CVE-2008-3014.json index 2fc1f602524..8875c4a7722 100644 --- a/2008/3xxx/CVE-2008-3014.json +++ b/2008/3xxx/CVE-2008-3014.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-3014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02372", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122235754013992&w=2" - }, - { - "name" : "SSRT080133", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122235754013992&w=2" - }, - { - "name" : "MS08-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052" - }, - { - "name" : "TA08-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-253A.html" - }, - { - "name" : "31021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31021" - }, - { - "name" : "oval:org.mitre.oval:def:6004", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004" - }, - { - "name" : "ADV-2008-2520", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2520" - }, - { - "name" : "ADV-2008-2696", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2696" - }, - { - "name" : "1020837", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020837" - }, - { - "name" : "32154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32154" + }, + { + "name": "HPSBST02372", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122235754013992&w=2" + }, + { + "name": "MS08-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052" + }, + { + "name": "31021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31021" + }, + { + "name": "oval:org.mitre.oval:def:6004", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004" + }, + { + "name": "ADV-2008-2696", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2696" + }, + { + "name": "1020837", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020837" + }, + { + "name": "SSRT080133", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122235754013992&w=2" + }, + { + "name": "TA08-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html" + }, + { + "name": "ADV-2008-2520", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2520" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3545.json b/2008/3xxx/CVE-2008-3545.json index 25bc3e6d83c..920704b76df 100644 --- a/2008/3xxx/CVE-2008-3545.json +++ b/2008/3xxx/CVE-2008-3545.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536, CVE-2008-3537, and CVE-2008-3544. NOTE: due to insufficient details from the vendor, it is not clear whether this is the same as CVE-2008-1853." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02374", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122356907004075&w=2" - }, - { - "name" : "SSRT080046", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122356907004075&w=2" - }, - { - "name" : "31669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31669" - }, - { - "name" : "1021014", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021014" - }, - { - "name" : "29796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29796" - }, - { - "name" : "4399", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4399" - }, - { - "name" : "hp-ovnnm-unspecified-dos(45788)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536, CVE-2008-3537, and CVE-2008-3544. NOTE: due to insufficient details from the vendor, it is not clear whether this is the same as CVE-2008-1853." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4399", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4399" + }, + { + "name": "29796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29796" + }, + { + "name": "HPSBMA02374", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122356907004075&w=2" + }, + { + "name": "hp-ovnnm-unspecified-dos(45788)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45788" + }, + { + "name": "31669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31669" + }, + { + "name": "SSRT080046", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122356907004075&w=2" + }, + { + "name": "1021014", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021014" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3581.json b/2008/3xxx/CVE-2008-3581.json index b718223f706..468dc5de2f7 100644 --- a/2008/3xxx/CVE-2008-3581.json +++ b/2008/3xxx/CVE-2008-3581.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6192", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6192" - }, - { - "name" : "30520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30520" - }, - { - "name" : "31245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31245" - }, - { - "name" : "4131", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4131" - }, - { - "name" : "klinks-loginmessage-xss(44161)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4131", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4131" + }, + { + "name": "klinks-loginmessage-xss(44161)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44161" + }, + { + "name": "6192", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6192" + }, + { + "name": "31245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31245" + }, + { + "name": "30520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30520" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3643.json b/2008/3xxx/CVE-2008-3643.json index 08e4ff57119..d6eb13f2e3c 100644 --- a/2008/3xxx/CVE-2008-3643.json +++ b/2008/3xxx/CVE-2008-3643.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an \"error recovery issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3216", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3216" - }, - { - "name" : "APPLE-SA-2008-10-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" - }, - { - "name" : "31681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31681" - }, - { - "name" : "31720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31720" - }, - { - "name" : "ADV-2008-2780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2780" - }, - { - "name" : "1021024", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021024" - }, - { - "name" : "32222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32222" - }, - { - "name" : "macosx-finder-dos(45780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an \"error recovery issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31681" + }, + { + "name": "macosx-finder-dos(45780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45780" + }, + { + "name": "1021024", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021024" + }, + { + "name": "32222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32222" + }, + { + "name": "31720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31720" + }, + { + "name": "ADV-2008-2780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2780" + }, + { + "name": "APPLE-SA-2008-10-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3216", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3216" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3766.json b/2008/3xxx/CVE-2008-3766.json index afe574eb88e..b2792d3df01 100644 --- a/2008/3xxx/CVE-2008-3766.json +++ b/2008/3xxx/CVE-2008-3766.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=158367&release_id=619929", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=158367&release_id=619929" - }, - { - "name" : "30770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30770" - }, - { - "name" : "31496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31496" - }, - { - "name" : "llcon-protocol-messages-dos(44567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "llcon-protocol-messages-dos(44567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44567" + }, + { + "name": "31496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31496" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=158367&release_id=619929", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=158367&release_id=619929" + }, + { + "name": "30770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30770" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3972.json b/2008/3xxx/CVE-2008-3972.json index fdda2d4d8f3..0fdb74d843a 100644 --- a/2008/3xxx/CVE-2008-3972.json +++ b/2008/3xxx/CVE-2008-3972.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the \"OpenSC\" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[opensc-announce] 20080827 opensc 0.11.6 with fixed security update", - "refsource" : "MLIST", - "url" : "http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html" - }, - { - "name" : "[oss-security] 20080909 Re: opensc 0.11.6 with fixed security update", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/09/14" - }, - { - "name" : "FEDORA-2009-2267", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html" - }, - { - "name" : "SUSE-SR:2008:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html" - }, - { - "name" : "32099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32099" - }, - { - "name" : "34362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34362" - }, - { - "name" : "opensc-pkcs15tool-weak-security(45045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the \"OpenSC\" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opensc-pkcs15tool-weak-security(45045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45045" + }, + { + "name": "34362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34362" + }, + { + "name": "FEDORA-2009-2267", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html" + }, + { + "name": "[oss-security] 20080909 Re: opensc 0.11.6 with fixed security update", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/09/14" + }, + { + "name": "[opensc-announce] 20080827 opensc 0.11.6 with fixed security update", + "refsource": "MLIST", + "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html" + }, + { + "name": "32099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32099" + }, + { + "name": "SUSE-SR:2008:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4382.json b/2008/4xxx/CVE-2008-4382.json index 067e2f74758..e6fff009652 100644 --- a/2008/4xxx/CVE-2008-4382.json +++ b/2008/4xxx/CVE-2008-4382.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080930 Re: MS Internet Explorer 7 Denial Of Service Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496849/100/0/threaded" - }, - { - "name" : "konqueror-alert-function-dos(45645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080930 Re: MS Internet Explorer 7 Denial Of Service Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496849/100/0/threaded" + }, + { + "name": "konqueror-alert-function-dos(45645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45645" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4474.json b/2008/4xxx/CVE-2008-4474.json index acfaf7dd573..b1ff92c3e61 100644 --- a/2008/4xxx/CVE-2008-4474.json +++ b/2008/4xxx/CVE-2008-4474.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-devel/2008/08/msg00271.html" - }, - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "SUSE-SR:2008:028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" - }, - { - "name" : "30901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30901" - }, - { - "name" : "32170", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32170" - }, - { - "name" : "33151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33151" + }, + { + "name": "32170", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32170" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "30901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30901" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389" + }, + { + "name": "SUSE-SR:2008:028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" + }, + { + "name": "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-devel/2008/08/msg00271.html" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4648.json b/2008/4xxx/CVE-2008-4648.json index 64e5955af0c..badd318d6ca 100644 --- a/2008/4xxx/CVE-2008-4648.json +++ b/2008/4xxx/CVE-2008-4648.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters. NOTE: the error might be located in modules/mod_language.php, and index.php might be the interaction point." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0810-exploits/elxis-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0810-exploits/elxis-xss.txt" - }, - { - "name" : "31764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31764" - }, - { - "name" : "32278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32278" - }, - { - "name" : "elxis-index-xss(45866)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters. NOTE: the error might be located in modules/mod_language.php, and index.php might be the interaction point." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32278" + }, + { + "name": "http://packetstormsecurity.org/0810-exploits/elxis-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0810-exploits/elxis-xss.txt" + }, + { + "name": "31764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31764" + }, + { + "name": "elxis-index-xss(45866)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45866" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6175.json b/2008/6xxx/CVE-2008-6175.json index 8c0e0f2b8a9..71ec1148491 100644 --- a/2008/6xxx/CVE-2008-6175.json +++ b/2008/6xxx/CVE-2008-6175.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6815", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6815" - }, - { - "name" : "31884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31884" - }, - { - "name" : "32374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32374" - }, - { - "name" : "silvershield-opendir-dos(46064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "silvershield-opendir-dos(46064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46064" + }, + { + "name": "32374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32374" + }, + { + "name": "31884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31884" + }, + { + "name": "6815", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6815" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6380.json b/2008/6xxx/CVE-2008-6380.json index 4de89c87979..595c063e834 100644 --- a/2008/6xxx/CVE-2008-6380.json +++ b/2008/6xxx/CVE-2008-6380.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7298", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7298" - }, - { - "name" : "32548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32548" - }, - { - "name" : "32911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32911" - }, - { - "name" : "activewebhelpdesk-default-sql-injection(46905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7298", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7298" + }, + { + "name": "activewebhelpdesk-default-sql-injection(46905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46905" + }, + { + "name": "32548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32548" + }, + { + "name": "32911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32911" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6627.json b/2008/6xxx/CVE-2008-6627.json index 01a9af8e32b..e01a7abbc14 100644 --- a/2008/6xxx/CVE-2008-6627.json +++ b/2008/6xxx/CVE-2008-6627.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6986", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6986" - }, - { - "name" : "32108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32108" - }, - { - "name" : "49720", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49720" - }, - { - "name" : "32499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32499" - }, - { - "name" : "webshop-getin-sql-injection(46357)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32108" + }, + { + "name": "webshop-getin-sql-injection(46357)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46357" + }, + { + "name": "6986", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6986" + }, + { + "name": "49720", + "refsource": "OSVDB", + "url": "http://osvdb.org/49720" + }, + { + "name": "32499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32499" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7017.json b/2008/7xxx/CVE-2008-7017.json index cd9b3b4b896..d8813088ce9 100644 --- a/2008/7xxx/CVE-2008-7017.json +++ b/2008/7xxx/CVE-2008-7017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cynops.de/advisories/AKLINK-SA-2008-007.txt", - "refsource" : "MISC", - "url" : "http://www.cynops.de/advisories/AKLINK-SA-2008-007.txt" - }, - { - "name" : "31481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31481" - }, - { - "name" : "cacert-analyse-xss(45515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cynops.de/advisories/AKLINK-SA-2008-007.txt", + "refsource": "MISC", + "url": "http://www.cynops.de/advisories/AKLINK-SA-2008-007.txt" + }, + { + "name": "cacert-analyse-xss(45515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45515" + }, + { + "name": "31481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31481" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7038.json b/2008/7xxx/CVE-2008-7038.json index 41d45f7c7cd..b6820b7542f 100644 --- a/2008/7xxx/CVE-2008-7038.json +++ b/2008/7xxx/CVE-2008-7038.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080228 PHP-Nuke My_eGallery \"gid\" Remote SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488916/100/100/threaded" - }, - { - "name" : "5203", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5203" - }, - { - "name" : "5242", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5242" - }, - { - "name" : "28030", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28030" - }, - { - "name" : "51021", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51021" - }, - { - "name" : "myegallery-gid-sql-injection(40910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28030", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28030" + }, + { + "name": "20080228 PHP-Nuke My_eGallery \"gid\" Remote SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded" + }, + { + "name": "myegallery-gid-sql-injection(40910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910" + }, + { + "name": "5203", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5203" + }, + { + "name": "5242", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5242" + }, + { + "name": "51021", + "refsource": "OSVDB", + "url": "http://osvdb.org/51021" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2498.json b/2013/2xxx/CVE-2013-2498.json index 2a0f5cbd316..e50da8df348 100644 --- a/2013/2xxx/CVE-2013-2498.json +++ b/2013/2xxx/CVE-2013-2498.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130417 Fwd: Multiple Vulnerabilities in Simple HRM system v2.3 and below", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/17/1" - }, - { - "name" : "92538", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92538" - }, - { - "name" : "simplehrm-cve20132498-sql-injection(83628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130417 Fwd: Multiple Vulnerabilities in Simple HRM system v2.3 and below", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/17/1" + }, + { + "name": "92538", + "refsource": "OSVDB", + "url": "http://osvdb.org/92538" + }, + { + "name": "simplehrm-cve20132498-sql-injection(83628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83628" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2638.json b/2013/2xxx/CVE-2013-2638.json index 09977106cd0..13cb69e5735 100644 --- a/2013/2xxx/CVE-2013-2638.json +++ b/2013/2xxx/CVE-2013-2638.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2638", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2638", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2647.json b/2013/2xxx/CVE-2013-2647.json index e0d1b923959..30ebac73a46 100644 --- a/2013/2xxx/CVE-2013-2647.json +++ b/2013/2xxx/CVE-2013-2647.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2647", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2647", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2799.json b/2013/2xxx/CVE-2013-2799.json index bdced931e7a..29a8b0c7727 100644 --- a/2013/2xxx/CVE-2013-2799.json +++ b/2013/2xxx/CVE-2013-2799.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2799", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2799", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2910.json b/2013/2xxx/CVE-2013-2910.json index d456097049c..6c340d365c3 100644 --- a/2013/2xxx/CVE-2013-2910.json +++ b/2013/2xxx/CVE-2013-2910.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=269753", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=269753" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=157615&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=157615&view=revision" - }, - { - "name" : "DSA-2785", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2785" - }, - { - "name" : "openSUSE-SU-2013:1556", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2013:1861", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:18812", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=269753", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=269753" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "DSA-2785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2785" + }, + { + "name": "openSUSE-SU-2013:1556", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=157615&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=157615&view=revision" + }, + { + "name": "openSUSE-SU-2013:1861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:18812", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18812" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6364.json b/2013/6xxx/CVE-2013-6364.json index d6f5e215d59..ae54b4dbfe3 100644 --- a/2013/6xxx/CVE-2013-6364.json +++ b/2013/6xxx/CVE-2013-6364.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6364", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6364", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6678.json b/2013/6xxx/CVE-2013-6678.json index a9c5a70e9ee..7846f627b59 100644 --- a/2013/6xxx/CVE-2013-6678.json +++ b/2013/6xxx/CVE-2013-6678.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6678", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6678", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6723.json b/2013/6xxx/CVE-2013-6723.json index 13763b276a1..86575c21be4 100644 --- a/2013/6xxx/CVE-2013-6723.json +++ b/2013/6xxx/CVE-2013-6723.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute=\"always\" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660011", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660011" - }, - { - "name" : "PI05684", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05684" - }, - { - "name" : "64488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64488" - }, - { - "name" : "101271", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101271" - }, - { - "name" : "ibm-wsportal-cve20136723-reference(89278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute=\"always\" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101271", + "refsource": "OSVDB", + "url": "http://osvdb.org/101271" + }, + { + "name": "64488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64488" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011" + }, + { + "name": "ibm-wsportal-cve20136723-reference(89278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89278" + }, + { + "name": "PI05684", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05684" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7108.json b/2013/7xxx/CVE-2013-7108.json index 68a3e14cae1..c8c9f79a11c 100644 --- a/2013/7xxx/CVE-2013-7108.json +++ b/2013/7xxx/CVE-2013-7108.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars())", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/24/1" - }, - { - "name" : "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" - }, - { - "name" : "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" - }, - { - "name" : "https://dev.icinga.org/issues/5251", - "refsource" : "CONFIRM", - "url" : "https://dev.icinga.org/issues/5251" - }, - { - "name" : "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/", - "refsource" : "CONFIRM", - "url" : "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/" - }, - { - "name" : "MDVSA-2014:004", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" - }, - { - "name" : "openSUSE-SU-2014:0016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html" - }, - { - "name" : "openSUSE-SU-2014:0039", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html" - }, - { - "name" : "openSUSE-SU-2014:0069", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html" - }, - { - "name" : "openSUSE-SU-2014:0097", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html" - }, - { - "name" : "64363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64363" - }, - { - "name" : "55976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55976" - }, - { - "name" : "56316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2014:004", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" + }, + { + "name": "openSUSE-SU-2014:0069", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html" + }, + { + "name": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" + }, + { + "name": "56316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56316" + }, + { + "name": "openSUSE-SU-2014:0097", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html" + }, + { + "name": "https://dev.icinga.org/issues/5251", + "refsource": "CONFIRM", + "url": "https://dev.icinga.org/issues/5251" + }, + { + "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" + }, + { + "name": "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/", + "refsource": "CONFIRM", + "url": "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/" + }, + { + "name": "[oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars())", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" + }, + { + "name": "55976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55976" + }, + { + "name": "64363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64363" + }, + { + "name": "openSUSE-SU-2014:0016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html" + }, + { + "name": "openSUSE-SU-2014:0039", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10471.json b/2017/10xxx/CVE-2017-10471.json index 002865a590a..77c64513b89 100644 --- a/2017/10xxx/CVE-2017-10471.json +++ b/2017/10xxx/CVE-2017-10471.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10471", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10471", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10649.json b/2017/10xxx/CVE-2017-10649.json index 864a15f1e76..8eeca05f43a 100644 --- a/2017/10xxx/CVE-2017-10649.json +++ b/2017/10xxx/CVE-2017-10649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10649", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10649", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10668.json b/2017/10xxx/CVE-2017-10668.json index 6f0c3bf390c..957ec1232b0 100644 --- a/2017/10xxx/CVE-2017-10668.json +++ b/2017/10xxx/CVE-2017-10668.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jun/44", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jun/44" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jun/44", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jun/44" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10949.json b/2017/10xxx/CVE-2017-10949.json index b80633e968f..ee792a1fff1 100644 --- a/2017/10xxx/CVE-2017-10949.json +++ b/2017/10xxx/CVE-2017-10949.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "DATE_PUBLIC" : "2017-08-02T00:00:00", - "ID" : "CVE-2017-10949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell Storage Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2016 R2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Zero Day Initiative" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "DATE_PUBLIC": "2017-08-02T00:00:00", + "ID": "CVE-2017-10949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell Storage Manager", + "version": { + "version_data": [ + { + "version_value": "2016 R2.1" + } + ] + } + } + ] + }, + "vendor_name": "Zero Day Initiative" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf", - "refsource" : "MISC", - "url" : "http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-523", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-523" - }, - { - "name" : "100138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf", + "refsource": "MISC", + "url": "http://topics-cdn.dell.com/pdf/dell-compellent-sc8000_release%20notes24_en-us.pdf" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-523", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-523" + }, + { + "name": "100138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100138" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14663.json b/2017/14xxx/CVE-2017-14663.json index bc43577831b..d84d3cf76c7 100644 --- a/2017/14xxx/CVE-2017-14663.json +++ b/2017/14xxx/CVE-2017-14663.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14663", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14663", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14801.json b/2017/14xxx/CVE-2017-14801.json index 42a0baaa83a..9b8b31681a8 100644 --- a/2017/14xxx/CVE-2017-14801.json +++ b/2017/14xxx/CVE-2017-14801.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2017-11-20T00:00:00.000Z", - "ID" : "CVE-2017-14801", - "STATE" : "PUBLIC", - "TITLE" : "Reflected xss in Admin Console REST interface" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-11-20T00:00:00.000Z", + "ID": "CVE-2017-14801", + "STATE": "PUBLIC", + "TITLE": "Reflected xss in Admin Console REST interface" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "4.3", + "version_value": "4.3.3" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "4.3", - "version_value" : "4.3.3" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" + "lang": "eng", + "value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 4.6, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected cross site scripting" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7022357", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7022357" - } - ] - }, - "source" : { - "advisory" : "7022357", - "discovery" : "UNKNOWN" - } -} + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected cross site scripting" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7022357", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7022357" + } + ] + }, + "source": { + "advisory": "7022357", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15078.json b/2017/15xxx/CVE-2017-15078.json index fabaf7b726f..498eb32133d 100644 --- a/2017/15xxx/CVE-2017-15078.json +++ b/2017/15xxx/CVE-2017-15078.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15078", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15078", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15551.json b/2017/15xxx/CVE-2017-15551.json index 07adab39c4b..c8b25363e0a 100644 --- a/2017/15xxx/CVE-2017-15551.json +++ b/2017/15xxx/CVE-2017-15551.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15551", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15551", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15862.json b/2017/15xxx/CVE-2017-15862.json index 3be3423338c..713b9dd6252 100644 --- a/2017/15xxx/CVE-2017-15862.json +++ b/2017/15xxx/CVE-2017-15862.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-15862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow to Buffer Overflow in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-15862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-02-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-02-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15925.json b/2017/15xxx/CVE-2017-15925.json index da9c5152fc0..0fa174e1e6d 100644 --- a/2017/15xxx/CVE-2017-15925.json +++ b/2017/15xxx/CVE-2017-15925.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15925", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15925", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15938.json b/2017/15xxx/CVE-2017-15938.json index 7102dc181a4..05e75ade51a 100644 --- a/2017/15xxx/CVE-2017-15938.json +++ b/2017/15xxx/CVE-2017-15938.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22209" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" - }, - { - "name" : "GLSA-201801-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-01" - }, - { - "name" : "101610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201801-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-01" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/" + }, + { + "name": "101610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101610" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22209" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9170.json b/2017/9xxx/CVE-2017-9170.json index 767f9b83b6c..ba20d79af3a 100644 --- a/2017/9xxx/CVE-2017-9170.json +++ b/2017/9xxx/CVE-2017-9170.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9205.json b/2017/9xxx/CVE-2017-9205.json index 64e84af277e..d6963a6d83f 100644 --- a/2017/9xxx/CVE-2017-9205.json +++ b/2017/9xxx/CVE-2017-9205.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/" - }, - { - "name" : "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d", - "refsource" : "MISC", - "url" : "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d", + "refsource": "MISC", + "url": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9623.json b/2017/9xxx/CVE-2017-9623.json index 79439f97876..e306c9b62fe 100644 --- a/2017/9xxx/CVE-2017-9623.json +++ b/2017/9xxx/CVE-2017-9623.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd", - "refsource" : "CONFIRM", - "url" : "https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd" - }, - { - "name" : "https://github.com/Telaxus/EPESI/issues/186", - "refsource" : "CONFIRM", - "url" : "https://github.com/Telaxus/EPESI/issues/186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Telaxus/EPESI/issues/186", + "refsource": "CONFIRM", + "url": "https://github.com/Telaxus/EPESI/issues/186" + }, + { + "name": "https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd", + "refsource": "CONFIRM", + "url": "https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9813.json b/2017/9xxx/CVE-2017-9813.json index 26e680626c3..cf581213b6f 100644 --- a/2017/9xxx/CVE-2017-9813.json +++ b/2017/9xxx/CVE-2017-9813.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42269", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42269/" - }, - { - "name" : "20170628 [CORE-2017-0003] - Kaspersky Anti-Virus File Server Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jun/33" - }, - { - "name" : "http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities" - }, - { - "name" : "99330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99330" - }, - { - "name" : "1038798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170628 [CORE-2017-0003] - Kaspersky Anti-Virus File Server Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Jun/33" + }, + { + "name": "http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html" + }, + { + "name": "99330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99330" + }, + { + "name": "1038798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038798" + }, + { + "name": "42269", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42269/" + }, + { + "name": "https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9908.json b/2017/9xxx/CVE-2017-9908.json index 1063888c3a9..b22a786f2b3 100644 --- a/2017/9xxx/CVE-2017-9908.json +++ b/2017/9xxx/CVE-2017-9908.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a \"Read Access Violation starting at Xfpx+0x000000000000d6da.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a \"Read Access Violation starting at Xfpx+0x000000000000d6da.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0745.json b/2018/0xxx/CVE-2018-0745.json index 66d86d8219c..39a8f6f87f1 100644 --- a/2018/0xxx/CVE-2018-0745.json +++ b/2018/0xxx/CVE-2018-0745.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2018-0745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2018-0745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows kernel", + "version": { + "version_data": [ + { + "version_value": "Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43470", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43470/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745" - }, - { - "name" : "102353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102353" - }, - { - "name" : "1040097", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040097", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040097" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745" + }, + { + "name": "102353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102353" + }, + { + "name": "43470", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43470/" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0889.json b/2018/0xxx/CVE-2018-0889.json index fc4ae466346..f676d126e83 100644 --- a/2018/0xxx/CVE-2018-0889.json +++ b/2018/0xxx/CVE-2018-0889.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0889", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0889" - }, - { - "name" : "103295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103295" - }, - { - "name" : "1040510", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040510", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040510" + }, + { + "name": "103295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103295" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0889", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0889" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16194.json b/2018/16xxx/CVE-2018-16194.json index 36b2f65f6f1..253abff4172 100644 --- a/2018/16xxx/CVE-2018-16194.json +++ b/2018/16xxx/CVE-2018-16194.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Aterm WF1200CR and Aterm WG1200CR", - "version" : { - "version_data" : [ - { - "version_value" : "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "NEC Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm WF1200CR and Aterm WG1200CR", + "version": { + "version_data": [ + { + "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jpn.nec.com/security-info/secinfo/nv18-021.html", - "refsource" : "MISC", - "url" : "https://jpn.nec.com/security-info/secinfo/nv18-021.html" - }, - { - "name" : "JVN#87535892", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN87535892/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#87535892", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN87535892/index.html" + }, + { + "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html", + "refsource": "MISC", + "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16386.json b/2018/16xxx/CVE-2018-16386.json index 3a1f82823a6..85ac6b6d334 100644 --- a/2018/16xxx/CVE-2018-16386.json +++ b/2018/16xxx/CVE-2018-16386.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16386", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16386", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16444.json b/2018/16xxx/CVE-2018-16444.json index c3fd7a386a6..4c72172525b 100644 --- a/2018/16xxx/CVE-2018-16444.json +++ b/2018/16xxx/CVE-2018-16444.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms3.md", - "refsource" : "MISC", - "url" : "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms3.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms3.md", + "refsource": "MISC", + "url": "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms3.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16512.json b/2018/16xxx/CVE-2018-16512.json index 755d46607e6..4f411b720e9 100644 --- a/2018/16xxx/CVE-2018-16512.json +++ b/2018/16xxx/CVE-2018-16512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16909.json b/2018/16xxx/CVE-2018-16909.json index 87a8b9e1910..5914af8b1c0 100644 --- a/2018/16xxx/CVE-2018-16909.json +++ b/2018/16xxx/CVE-2018-16909.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16909", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16909", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19358.json b/2018/19xxx/CVE-2018-19358.json index face2ad5347..b3bf8849d9b 100644 --- a/2018/19xxx/CVE-2018-19358.json +++ b/2018/19xxx/CVE-2018-19358.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365" - }, - { - "name" : "https://github.com/sungjungk/keyring_crack", - "refsource" : "MISC", - "url" : "https://github.com/sungjungk/keyring_crack" - }, - { - "name" : "https://www.youtube.com/watch?v=Do4E9ZQaPck", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=Do4E9ZQaPck" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365" + }, + { + "name": "https://github.com/sungjungk/keyring_crack", + "refsource": "MISC", + "url": "https://github.com/sungjungk/keyring_crack" + }, + { + "name": "https://www.youtube.com/watch?v=Do4E9ZQaPck", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=Do4E9ZQaPck" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4010.json b/2018/4xxx/CVE-2018-4010.json index 895d322f232..5ea1413e65b 100644 --- a/2018/4xxx/CVE-2018-4010.json +++ b/2018/4xxx/CVE-2018-4010.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-09-07T00:00:00", - "ID" : "CVE-2018-4010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ProtonVPN", - "version" : { - "version_data" : [ - { - "version_value" : "ProtonVPN VPN Client 1.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-09-07T00:00:00", + "ID": "CVE-2018-4010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ProtonVPN", + "version": { + "version_data": [ + { + "version_value": "ProtonVPN VPN Client 1.5.1" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0679", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0679" - }, - { - "name" : "105319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0679", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0679" + }, + { + "name": "105319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105319" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4069.json b/2018/4xxx/CVE-2018-4069.json index 9a59add174b..33736f6be3e 100644 --- a/2018/4xxx/CVE-2018-4069.json +++ b/2018/4xxx/CVE-2018-4069.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4069", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4069", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4096.json b/2018/4xxx/CVE-2018-4096.json index f3e1cfb76e4..a10ced505ef 100644 --- a/2018/4xxx/CVE-2018-4096.json +++ b/2018/4xxx/CVE-2018-4096.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208462", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208462" - }, - { - "name" : "https://support.apple.com/HT208463", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208463" - }, - { - "name" : "https://support.apple.com/HT208464", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208464" - }, - { - "name" : "https://support.apple.com/HT208465", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208465" - }, - { - "name" : "https://support.apple.com/HT208473", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208473" - }, - { - "name" : "https://support.apple.com/HT208474", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208474" - }, - { - "name" : "https://support.apple.com/HT208475", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208475" - }, - { - "name" : "USN-3551-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3551-1/" - }, - { - "name" : "102775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102775" - }, - { - "name" : "1040265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040265" - }, - { - "name" : "1040266", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040266" - }, - { - "name" : "1040267", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208462", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208462" + }, + { + "name": "1040266", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040266" + }, + { + "name": "https://support.apple.com/HT208465", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208465" + }, + { + "name": "1040265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040265" + }, + { + "name": "https://support.apple.com/HT208474", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208474" + }, + { + "name": "USN-3551-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3551-1/" + }, + { + "name": "https://support.apple.com/HT208464", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208464" + }, + { + "name": "1040267", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040267" + }, + { + "name": "https://support.apple.com/HT208473", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208473" + }, + { + "name": "https://support.apple.com/HT208475", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208475" + }, + { + "name": "102775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102775" + }, + { + "name": "https://support.apple.com/HT208463", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208463" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4783.json b/2018/4xxx/CVE-2018-4783.json index ef4fecff9d0..c56c8da9135 100644 --- a/2018/4xxx/CVE-2018-4783.json +++ b/2018/4xxx/CVE-2018-4783.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4783", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4783", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file