diff --git a/2008/0xxx/CVE-2008-0112.json b/2008/0xxx/CVE-2008-0112.json index 6bddd61dc16..98aaa4bb58e 100644 --- a/2008/0xxx/CVE-2008-0112.json +++ b/2008/0xxx/CVE-2008-0112.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka \"Excel File Import Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-0112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02320", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120585858807305&w=2" - }, - { - "name" : "SSRT080028", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120585858807305&w=2" - }, - { - "name" : "MS08-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014" - }, - { - "name" : "TA08-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-071A.html" - }, - { - "name" : "28095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28095" - }, - { - "name" : "ADV-2008-0846", - "refsource" : "VUPEN", 
- "url" : "http://www.vupen.com/english/advisories/2008/0846/references" - }, - { - "name" : "oval:org.mitre.oval:def:5284", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5284" - }, - { - "name" : "1019583", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka \"Excel File Import Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019583", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019583" + }, + { + "name": "TA08-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html" + }, + { + "name": "oval:org.mitre.oval:def:5284", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5284" + }, + { + "name": "MS08-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014" + }, + { + "name": "SSRT080028", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2" + }, + { + "name": "HPSBST02320", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2" + }, + { + "name": "28095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28095" + }, + { + "name": "ADV-2008-0846", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0846/references" + 
} + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0151.json b/2008/0xxx/CVE-2008-0151.json index 4988618d068..35aaace1703 100644 --- a/2008/0xxx/CVE-2008-0151.json +++ b/2008/0xxx/CVE-2008-0151.json 
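Review bot: The only semantic change in this hunk, `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org`, is buried in a whole-file re-serialization that also reorders `reference_data`, which makes it hard to audit and makes every line look changed to anyone diffing records. The new reference order does not appear to follow `name`, `refsource` or `url`; keeping the previous order, or sorting on one stated key, would limit later diffs to real changes. The rewritten file also ends with `\ No newline at end of file`, where the old version had a trailing newline. The CVE-2008-1092.json hunk carries the same ASSIGNER change, and the missing final newline (and in most files the reordering) recurs in the other hunks of this diff. With the assigner now attributed to Microsoft, `vendor_name` and `product_name` still read `"n/a"` although the description names Microsoft Excel 2000 SP3 and Office for Mac 2004 and 2008, so matching on the `affects` block will still miss this record.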
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080104 Some DoS in some telnet servers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485812/100/0/threaded" - }, - { - "name" : "20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488366/100/200/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/waccaz-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/waccaz-adv.txt" - }, - { - "name" : "http://aluigi.altervista.org/adv/wachof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/wachof-adv.txt" - }, - { - "name" : "27142", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/27142" - }, - { - "name" : "28272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28272" - }, - { - "name" : "3525", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3525" - }, - { - "name" : "wacserver-option-dos(39427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3525", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3525" + }, + { + "name": "27142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27142" + }, + { + "name": "wacserver-option-dos(39427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39427" + }, + { + "name": "http://aluigi.altervista.org/adv/waccaz-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/waccaz-adv.txt" + }, + { + "name": "20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488366/100/200/threaded" + }, + { + "name": "20080104 Some DoS in some telnet servers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485812/100/0/threaded" + }, + { + "name": "28272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28272" + }, + { + "name": "http://aluigi.altervista.org/adv/wachof-adv.txt", + "refsource": 
"MISC", + "url": "http://aluigi.altervista.org/adv/wachof-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0543.json b/2008/0xxx/CVE-2008-0543.json index 14d54fec7ea..d0905892e2c 100644 --- a/2008/0xxx/CVE-2008-0543.json +++ b/2008/0xxx/CVE-2008-0543.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080124 Pre Dynamic Institution bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487054/100/0/threaded" - }, - { - "name" : "27451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27451" - }, - { - "name" : "28651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28651" - }, - { - "name" : "3603", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3603" - }, - { - "name" : "predynamic-login-sql-injection(39942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39942" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "predynamic-login-sql-injection(39942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39942" + }, + { + "name": "28651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28651" + }, + { + "name": "3603", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3603" + }, + { + "name": "20080124 Pre Dynamic Institution bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487054/100/0/threaded" + }, + { + "name": "27451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27451" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0661.json b/2008/0xxx/CVE-2008-0661.json index 58ab7db1a04..ff4a02df819 100644 --- a/2008/0xxx/CVE-2008-0661.json +++ b/2008/0xxx/CVE-2008-0661.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080205 dBpowerAMP Audio Player Release 2 Remote Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487605/100/0/threaded" - }, - { - "name" : "5067", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5067" - }, - { - "name" : "5069", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5069" - }, - { - "name" : "27635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27635" - }, - { - "name" : "27639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27639" - }, - { - "name" : "3623", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3623" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5067", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5067" + }, + { + "name": "5069", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5069" + }, + { + "name": "27639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27639" + }, + { + "name": "20080205 dBpowerAMP Audio Player Release 2 Remote Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487605/100/0/threaded" + }, + { + "name": "3623", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3623" + }, + { + "name": "27635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27635" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1092.json b/2008/1xxx/CVE-2008-1092.json index 522c5b7f9fd..19d4589135c 100644 --- a/2008/1xxx/CVE-2008-1092.json +++ b/2008/1xxx/CVE-2008-1092.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-1092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02336", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" - }, - { - "name" : "SSRT080071", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" - }, - { - "name" : "MS08-028", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028" - }, - { - "name" : "950627", - "refsource" : "MSKB", - "url" : "http://www.microsoft.com/technet/security/advisory/950627.mspx" - }, - { - "name" : "VU#936529", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/936529" - }, - { - "name" : "1019686", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019686" - }, - { - "name" : "microsoft-jet-msjet40-bo(41380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019686", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019686" + }, + { + "name": "VU#936529", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/936529" + }, + { + "name": "MS08-028", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028" + }, + { + "name": "microsoft-jet-msjet40-bo(41380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41380" + }, + { + "name": "SSRT080071", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2" + }, + { + "name": "HPSBST02336", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2" + }, + { + "name": "950627", + "refsource": "MSKB", + "url": "http://www.microsoft.com/technet/security/advisory/950627.mspx" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1119.json b/2008/1xxx/CVE-2008-1119.json index 82419e19bfc..dc07fc0aec2 100644 --- a/2008/1xxx/CVE-2008-1119.json +++ b/2008/1xxx/CVE-2008-1119.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5204", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5204" - }, - { - "name" : "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html", - "refsource" : "CONFIRM", - "url" : "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html" - }, - { - "name" : "28022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html", + "refsource": "CONFIRM", + "url": "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html" + }, + { + "name": "5204", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5204" + }, + { + "name": "28022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28022" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1470.json b/2008/1xxx/CVE-2008-1470.json index d6b2c2d0df5..d619e4dfd64 100644 --- a/2008/1xxx/CVE-2008-1470.json +++ b/2008/1xxx/CVE-2008-1470.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080317 Security Advisory on RSA Web ID (XSS)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489691/100/0/threaded" - }, - { - "name" : "28277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28277" - }, - { - "name" : "3768", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows 
remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080317 Security Advisory on RSA Web ID (XSS)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489691/100/0/threaded" + }, + { + "name": "28277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28277" + }, + { + "name": "3768", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3768" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1589.json b/2008/1xxx/CVE-2008-1589.json index b80aa58f6d7..ad3913d4df6 100644 --- a/2008/1xxx/CVE-2008-1589.json +++ b/2008/1xxx/CVE-2008-1589.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-07-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" - }, - { - "name" : "JVN#88676089", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN88676089/index.html" - }, - { - "name" : "JVNDB-2008-000039", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html" - }, - { - "name" : "30186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30186" - }, - { - "name" : "ADV-2008-2094", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2094/references" - }, - { - "name" : "31074", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/31074" - }, - { - "name" : "ipod-iphone-certificate-info-disclosure(43734)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ipod-iphone-certificate-info-disclosure(43734)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734" + }, + { + "name": "30186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30186" + }, + { + "name": "JVN#88676089", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN88676089/index.html" + }, + { + "name": "APPLE-SA-2008-07-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" + }, + { + "name": "ADV-2008-2094", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2094/references" + }, + { + "name": "JVNDB-2008-000039", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html" + }, + { + "name": "31074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31074" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1757.json b/2008/1xxx/CVE-2008-1757.json index 329be171803..d5cc318771f 100644 --- a/2008/1xxx/CVE-2008-1757.json +++ b/2008/1xxx/CVE-2008-1757.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080404 KwsPHP Module ConcoursPhoto XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490470/100/0/threaded" - }, - { - "name" : "28612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28612" - }, - { - "name" : "3809", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3809" - }, - { - "name" : "concoursphoto-index-xss(41814)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in the 
ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3809", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3809" + }, + { + "name": "28612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28612" + }, + { + "name": "concoursphoto-index-xss(41814)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41814" + }, + { + "name": "20080404 KwsPHP Module ConcoursPhoto XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490470/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4045.json b/2008/4xxx/CVE-2008-4045.json index 337de2442e4..9be0dcaaa3f 100644 --- a/2008/4xxx/CVE-2008-4045.json +++ b/2008/4xxx/CVE-2008-4045.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt" - }, - { - "name" : "31720", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31720" - }, - { - "name" : "31727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31727" - }, - { - "name" : "atmail-parse-showmail-abook-xss(44860)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "atmail-parse-showmail-abook-xss(44860)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44860" + }, + { + "name": "31720", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31720" + }, + { + "name": "31727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31727" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4461.json b/2008/4xxx/CVE-2008-4461.json index 11ac58b1720..0c13eed8418 100644 --- a/2008/4xxx/CVE-2008-4461.json +++ b/2008/4xxx/CVE-2008-4461.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6388", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6388" - }, - { - "name" : "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html", - "refsource" : "MISC", - "url" : "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html" - }, - { - "name" : "31043", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31043" - }, - { - "name" : "31747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31747" - }, - { - "name" : "datingzone-advancedsearch-sql-injection(44946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31043", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31043" + }, + { + "name": "datingzone-advancedsearch-sql-injection(44946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44946" + }, + { + "name": "6388", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6388" + }, + { + "name": "31747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31747" + }, + { + "name": "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html", + "refsource": "MISC", + "url": "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4641.json b/2008/4xxx/CVE-2008-4641.json index cd0859c06ea..8a9afaf3df1 100644 --- a/2008/4xxx/CVE-2008-4641.json +++ b/2008/4xxx/CVE-2008-4641.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081015 CVE request: jhead", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/15/5" - }, - { - "name" : "[oss-security] 20081015 Re: CVE request: jhead", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/15/6" - }, - { - "name" : "[oss-security] 20081016 Re: CVE request: jhead", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/16/3" - }, - { - "name" : "[oss-security] 20081127 Re: CVE request: jhead", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/26/4" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020", - "refsource" : "CONFIRM", - "url" : 
"https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020" - }, - { - "name" : "31921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31921" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020" + }, + { + "name": "[oss-security] 20081015 CVE request: jhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5" + }, + { + "name": "[oss-security] 20081127 Re: CVE request: jhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4" + }, + { + "name": "[oss-security] 20081016 Re: CVE request: jhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3" + }, + { + "name": "[oss-security] 20081015 Re: CVE request: jhead", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5424.json b/2008/5xxx/CVE-2008-5424.json index 6e0640fb708..b1470ed3040 100644 --- a/2008/5xxx/CVE-2008-5424.json +++ b/2008/5xxx/CVE-2008-5424.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 DoS attacks on MIME-capable software via complex MIME emails", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499038/100/0/threaded" - }, - { - "name" : "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499045/100/0/threaded" - }, - { - "name" : "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro", - "refsource" : "MISC", - "url" : 
"http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro" - }, - { - "name" : "32702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32702" - }, - { - "name" : "4721", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro", + "refsource": "MISC", + "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro" + }, + { + "name": "4721", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4721" + }, + { + "name": "32702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32702" + }, + { + "name": "20081208 DoS attacks on MIME-capable software via complex MIME emails", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded" + }, + { + "name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2060.json b/2013/2xxx/CVE-2013-2060.json index ddea5873614..43f5daa1d3b 100644 --- a/2013/2xxx/CVE-2013-2060.json 
+++ b/2013/2xxx/CVE-2013-2060.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2060", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2060", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3194.json b/2013/3xxx/CVE-2013-3194.json index 5d7c1681eee..be49d99f978 100644 --- a/2013/3xxx/CVE-2013-3194.json +++ b/2013/3xxx/CVE-2013-3194.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059" - }, - { - "name" : "TA13-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A" - }, - { - "name" : "oval:org.mitre.oval:def:18267", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service 
(memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059" + }, + { + "name": "oval:org.mitre.oval:def:18267", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18267" + }, + { + "name": "TA13-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-225A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3369.json b/2013/3xxx/CVE-2013-3369.json index 90a5d1a741a..c05aef78b0e 100644 --- a/2013/3xxx/CVE-2013-3369.json +++ b/2013/3xxx/CVE-2013-3369.json 
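Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secure@microsoft.com` is, as far as the visible lines show, the only value that differs between the old and new side of this hunk, yet it sits inside a whole-file rewrite. That rewrite also changes the `" : "` separator to `": "`, reorders the `reference_data` entries and drops the final newline. ASSIGNER records which CNA owns the record, so a provenance change like this should be auditable on its own. Landing the formatter change separately and keeping the reference order stable would reduce this file's diff to the `"ASSIGNER": "secure@microsoft.com",` line. The same applies to the CVE-2013-4344 hunk and to the CVE-2013-4421 hunk, which continues past the visible part; both switch ASSIGNER to `secalert@redhat.com`.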
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20130522 RT 3.8.17 released", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" - }, - { - "name" : "[rt-announce] 20130522 RT 4.0.13 released", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" - }, - { - "name" : "[rt-announce] 20130522 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" - }, - { - "name" : "DSA-2670", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2670" - }, - { - "name" : "93610", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/93610" - }, - { - "name" : "53505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53505" - }, - { - "name" : "53522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rt-announce] 20130522 RT 3.8.17 released", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" + }, + { + "name": "93610", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/93610" + }, + { + "name": "[rt-announce] 20130522 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" + }, + { + "name": "[rt-announce] 20130522 RT 4.0.13 released", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" + }, + { + "name": "53505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53505" + }, + { + "name": "DSA-2670", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2670" + }, + { + "name": "53522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53522" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3516.json b/2013/3xxx/CVE-2013-3516.json index bf4d273f28d..66827c3070c 100644 --- a/2013/3xxx/CVE-2013-3516.json +++ b/2013/3xxx/CVE-2013-3516.json 
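Review bot: The `DSA-2670` reference keeps the URL `http://www.debian.org/security/2012/dsa-2670`, whose year component does not match the rest of the record: the CVE id is from 2013 and the three rt-announce references are dated 20130522. Debian advisory URLs are filed under the year of publication, so this link probably does not lead to the advisory. After checking against the Debian security tracker, the line would become `"url": "http://www.debian.org/security/2013/dsa-2670"`. The commit carries the value over unchanged from the old side, so this is an existing data error that the rewrite leaves in place rather than one it introduces.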
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3516", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3516", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3533.json b/2013/3xxx/CVE-2013-3533.json index dfd0f2455a5..d902725edd0 100644 --- a/2013/3xxx/CVE-2013-3533.json +++ b/2013/3xxx/CVE-2013-3533.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130402 NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0011.html" - }, - { - "name" : "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html" - }, - { - "name" : "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf", - "refsource" : "MISC", - "url" : "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf" - }, - { - "name" : "58816", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58816" - }, - { - "name" : "91887", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/91887" - }, - { - "name" : "52801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52801" - }, - { - "name" : "virtualaccess-unspecified-sql-injection(83179)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf", + "refsource": "MISC", + "url": "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf" + }, + { + "name": "20130402 NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0011.html" + }, + { + "name": "58816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58816" + }, + { + "name": "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html" + }, + { + "name": "91887", + "refsource": "OSVDB", + "url": "http://osvdb.org/91887" + }, + { + "name": "virtualaccess-unspecified-sql-injection(83179)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/83179" + }, + { + "name": "52801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52801" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4344.json b/2013/4xxx/CVE-2013-4344.json index ad35ddbdac2..03b49f06dfa 100644 --- a/2013/4xxx/CVE-2013-4344.json +++ b/2013/4xxx/CVE-2013-4344.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/02/2" - }, - { - "name" : "[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.emulators.qemu/237191" - }, - { - "name" : "RHSA-2013:1553", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1553.html" - }, - { - "name" : "RHSA-2013:1754", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1754.html" - }, - { - "name" : "openSUSE-SU-2014:1279", - "refsource" : "SUSE", - 
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:1281", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" - }, - { - "name" : "USN-2092-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2092-1" - }, - { - "name" : "62773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62773" - }, - { - "name" : "98028", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1281", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" + }, + { + "name": "62773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62773" + }, + { + "name": "[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191" + }, + { + "name": "openSUSE-SU-2014:1279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" + }, + { + "name": "[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/02/2" + }, + { + "name": "98028", + "refsource": "OSVDB", + "url": "http://osvdb.org/98028" + }, + 
{ + "name": "RHSA-2013:1754", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html" + }, + { + "name": "RHSA-2013:1553", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html" + }, + { + "name": "USN-2092-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2092-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4421.json b/2013/4xxx/CVE-2013-4421.json index ee926f71e82..691b0ebc6d6 100644 --- a/2013/4xxx/CVE-2013-4421.json +++ b/2013/4xxx/CVE-2013-4421.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131010 Re: CVE Request: dropbear sshd daemon 2013.59 release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/11/4" - }, - { - "name" : "https://matt.ucc.asn.au/dropbear/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://matt.ucc.asn.au/dropbear/CHANGES" - }, - { - "name" : "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f", - "refsource" : "CONFIRM", - "url" : "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f" - }, - { - "name" : "https://support.citrix.com/article/CTX216642", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX216642" - }, - { - "name" : "FEDORA-2013-18593", - "refsource" : 
"FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119323.html" - }, - { - "name" : "FEDORA-2013-18606", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119300.html" - }, - { - "name" : "openSUSE-SU-2013:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html" - }, - { - "name" : "openSUSE-SU-2013:1696", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html" - }, - { - "name" : "62958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62958" - }, - { - "name" : "55173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55173" + }, + { + "name": "https://matt.ucc.asn.au/dropbear/CHANGES", + "refsource": "CONFIRM", + "url": "https://matt.ucc.asn.au/dropbear/CHANGES" + }, + { + "name": "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f", + "refsource": "CONFIRM", + "url": "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f" + }, + { + "name": "FEDORA-2013-18593", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119323.html" + }, + { + "name": "openSUSE-SU-2013:1696", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html" + }, + { + "name": "62958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62958" + }, + { + "name": "https://support.citrix.com/article/CTX216642", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX216642" + }, + { + "name": "FEDORA-2013-18606", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119300.html" + }, + { + "name": "openSUSE-SU-2013:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html" + }, + { + "name": "[oss-security] 20131010 Re: CVE Request: dropbear sshd daemon 2013.59 release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/11/4" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4754.json b/2013/4xxx/CVE-2013-4754.json index addfcbafe4f..2ba22b0b16f 100644 --- a/2013/4xxx/CVE-2013-4754.json +++ b/2013/4xxx/CVE-2013-4754.json 
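Review bot: The `ASSIGNER` value for CVE-2013-4421 changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only normalises spacing (`"key" :` to `"key":`) and reorders `reference_data`, so the one substantive field change is easy to overlook. Tooling that attributes records to a CNA by `ASSIGNER` will see this record move; whether that reassignment is intended cannot be told from the hunk, and it would be easier to audit as a separate change or called out in the commit message. The CVE-2013-6395 hunk carries the same kind of `ASSIGNER` change. The rewritten files also end with `\ No newline at end of file`; a trailing newline after the closing `}` would keep later diffs clean.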
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xchg.info/?p=400", - "refsource" : "MISC", - "url" : "http://www.xchg.info/?p=400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xchg.info/?p=400", + "refsource": "MISC", + "url": "http://www.xchg.info/?p=400" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6395.json b/2013/6xxx/CVE-2013-6395.json index 7fa93b20f31..7f2a62e736f 100644 --- a/2013/6xxx/CVE-2013-6395.json +++ b/2013/6xxx/CVE-2013-6395.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131126 Re: CVE request: XSS flaw in Ganglia web interface", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/346" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507" - }, - { - "name" : "http://www.rusty-ice.de/advisory/advisory_2013002.txt", - "refsource" : "MISC", - "url" : "http://www.rusty-ice.de/advisory/advisory_2013002.txt" - }, - { - "name" : "https://github.com/ganglia/ganglia-web/issues/218", - "refsource" : "MISC", - "url" : "https://github.com/ganglia/ganglia-web/issues/218" - }, - { - "name" : "100380", - 
"refsource" : "OSVDB", - "url" : "http://osvdb.org/100380" - }, - { - "name" : "55854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55854" - }, - { - "name" : "gangliaweb-cve20136395-xss(89272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131126 Re: CVE request: XSS flaw in Ganglia web interface", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/346" + }, + { + "name": "https://github.com/ganglia/ganglia-web/issues/218", + "refsource": "MISC", + "url": "https://github.com/ganglia/ganglia-web/issues/218" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507" + }, + { + "name": "gangliaweb-cve20136395-xss(89272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89272" + }, + { + "name": "55854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55854" + }, + { + "name": "http://www.rusty-ice.de/advisory/advisory_2013002.txt", + "refsource": "MISC", + "url": "http://www.rusty-ice.de/advisory/advisory_2013002.txt" + }, + { + "name": "100380", + "refsource": "OSVDB", + "url": "http://osvdb.org/100380" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/6xxx/CVE-2013-6533.json b/2013/6xxx/CVE-2013-6533.json index 6fc9731eb1f..983131cc4c6 100644 --- a/2013/6xxx/CVE-2013-6533.json +++ b/2013/6xxx/CVE-2013-6533.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6533", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6533", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6586.json b/2013/6xxx/CVE-2013-6586.json index 3d664e0f5a4..45ec8646853 100644 --- a/2013/6xxx/CVE-2013-6586.json +++ b/2013/6xxx/CVE-2013-6586.json 
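Review bot: Top-level key order in the new CVE-2013-6533 record differs from the other records in this diff: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas for example the CVE-2017-10494 record keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON parsers ignore key order, but byte-level comparisons, checksums and text diffs of these files do not, so one fixed key order from the serializer would be better. The CVE-2013-6586 hunk has the same ordering.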
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6586", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6586", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7188.json b/2013/7xxx/CVE-2013-7188.json index 1c2d5ae2f8d..7c2eb8524f8 100644 --- a/2013/7xxx/CVE-2013-7188.json +++ b/2013/7xxx/CVE-2013-7188.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099", - "refsource" : "MISC", - "url" : "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099" - }, - { - "name" : "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/", - "refsource" : "CONFIRM", - "url" : "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/" - }, - { - "name" : "http://hostbillapp.com/changelog", - "refsource" : "CONFIRM", - "url" : "http://hostbillapp.com/changelog" - }, - { - "name" : "101030", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101030" - }, - { - "name" : "56124", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/56124" - }, - { - "name" : "hostbill-unspecified-xss(89750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56124" + }, + { + "name": "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/", + "refsource": "CONFIRM", + "url": "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/" + }, + { + "name": "101030", + "refsource": "OSVDB", + "url": "http://osvdb.org/101030" + }, + { + "name": "hostbill-unspecified-xss(89750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89750" + }, + { + "name": "http://hostbillapp.com/changelog", + "refsource": "CONFIRM", + "url": "http://hostbillapp.com/changelog" + }, + { + "name": "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099", + "refsource": "MISC", + "url": "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7305.json b/2013/7xxx/CVE-2013-7305.json index 371da9b8a34..d59a07559db 100644 --- a/2013/7xxx/CVE-2013-7305.json +++ b/2013/7xxx/CVE-2013-7305.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/p/e107/svn/13114", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/e107/svn/13114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/p/e107/svn/13114", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/e107/svn/13114" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10325.json b/2017/10xxx/CVE-2017-10325.json index ae59702d7e7..fd90bb0c402 100644 --- a/2017/10xxx/CVE-2017-10325.json +++ b/2017/10xxx/CVE-2017-10325.json 
@@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Common Applications Calendar", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. 
CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Common Applications Calendar", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101311" - }, - { - "name" : "1039592", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101311" + }, + { + "name": "1039592", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039592" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10409.json b/2017/10xxx/CVE-2017-10409.json index e0fc8da581d..a43123bdba1 100644 --- a/2017/10xxx/CVE-2017-10409.json +++ b/2017/10xxx/CVE-2017-10409.json 
@@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iStore", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101332" - }, - { - "name" : "1039592", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1039592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "1039592", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039592" + }, + { + "name": "101332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101332" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10494.json b/2017/10xxx/CVE-2017-10494.json index c97d116ef25..fbeebbc0e31 100644 --- a/2017/10xxx/CVE-2017-10494.json +++ b/2017/10xxx/CVE-2017-10494.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10494", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10494", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10874.json b/2017/10xxx/CVE-2017-10874.json index 4d3c2cdce4b..884620e0179 100644 --- a/2017/10xxx/CVE-2017-10874.json +++ b/2017/10xxx/CVE-2017-10874.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PWR-Q200", - "version" : { - "version_data" : [ - { - "version_value" : "all firmware versions" - } - ] - } - } - ] - }, - "vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Insufficiently Random Values" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PWR-Q200", + "version": { + "version_data": [ + { + "version_value": "all firmware versions" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://web116.jp/shop/hikari_p/q200/q200_00.html", - "refsource" : "CONFIRM", - "url" : "http://web116.jp/shop/hikari_p/q200/q200_00.html" - }, - { - "name" : "JVN#73141967", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN73141967/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Insufficiently Random Values" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://web116.jp/shop/hikari_p/q200/q200_00.html", + "refsource": "CONFIRM", + "url": "http://web116.jp/shop/hikari_p/q200/q200_00.html" + }, + { + "name": "JVN#73141967", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN73141967/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13184.json b/2017/13xxx/CVE-2017-13184.json index f7b25a22ac5..49dcb3009fe 100644 --- a/2017/13xxx/CVE-2017-13184.json +++ b/2017/13xxx/CVE-2017-13184.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "102414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102414" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + }, + { + "name": "102414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102414" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13582.json b/2017/13xxx/CVE-2017-13582.json index 666eb392078..0fe5613b865 100644 --- a/2017/13xxx/CVE-2017-13582.json +++ b/2017/13xxx/CVE-2017-13582.json 
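Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `security@google.com` to `security@android.com` in the CVE-2017-13184 hunk, and it is the only value change in a hunk that otherwise rewrites key spacing and swaps the order of the BID and SECTRACK references. A data change carried inside a whole-file reformat is easy to miss in review, and anything that groups or filters records by assigner will see this record move. State it in the commit message, for example `CVE-2017-13184: ASSIGNER security@google.com -> security@android.com`, or land it separately from the formatting pass. `vendor_name` stays `Google Inc.`, which is presumably intended but worth confirming.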
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13582", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13582", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13909.json b/2017/13xxx/CVE-2017-13909.json index ae564021f88..6a72cf7680f 100644 --- a/2017/13xxx/CVE-2017-13909.json +++ b/2017/13xxx/CVE-2017-13909.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13909", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13909", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17107.json b/2017/17xxx/CVE-2017-17107.json index 27a10341159..5b432bc1aa8 100644 --- a/2017/17xxx/CVE-2017-17107.json +++ b/2017/17xxx/CVE-2017-17107.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20171212 Three exploits for Zivif Web Cameras (may impact others)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Dec/42" - }, - { - "name" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html" - }, - { - "name" : "https://twitter.com/silascutler/status/938052460328968192", - "refsource" : "MISC", - "url" : "https://twitter.com/silascutler/status/938052460328968192" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/silascutler/status/938052460328968192", + "refsource": "MISC", + "url": "https://twitter.com/silascutler/status/938052460328968192" + }, + { + "name": "20171212 Three exploits for Zivif Web Cameras (may impact others)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Dec/42" + }, + { + "name": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17669.json b/2017/17xxx/CVE-2017-17669.json index d1165fd7368..f9bffa5d68f 100644 --- a/2017/17xxx/CVE-2017-17669.json +++ b/2017/17xxx/CVE-2017-17669.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Exiv2/exiv2/issues/187", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/issues/187" - }, - { - "name" : "USN-3852-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3852-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Exiv2/exiv2/issues/187", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/issues/187" + }, + { + "name": "USN-3852-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3852-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17712.json b/2017/17xxx/CVE-2017-17712.json index 74eb4c17ce6..9dba9db6fa6 100644 --- a/2017/17xxx/CVE-2017-17712.json +++ b/2017/17xxx/CVE-2017-17712.json 
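Review bot: `affects` on the new side of CVE-2017-17669 still carries `n/a` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is `n/a` as well, although the description on the same record names Exiv2 0.26 and a heap-based buffer over-read. Tooling that matches records to an asset inventory through the structured fields will not match this entry and has to fall back to parsing the description text. Since the file is being rewritten anyway, consider `"product_name": "Exiv2"`, `"version_value": "0.26"` and a `problemtype` value of `CWE-125`. The CVE-2017-17107, CVE-2017-17712, CVE-2017-17910, CVE-2017-17939, CVE-2017-9525 and CVE-2017-9835 hunks carry the same `n/a` placeholders next to descriptions that name the product.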
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - }, - { - 
"name" : "DSA-4073", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4073" - }, - { - "name" : "RHSA-2018:0502", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0502" - }, - { - "name" : "USN-3581-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3581-1/" - }, - { - "name" : "USN-3581-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3581-2/" - }, - { - "name" : "USN-3581-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3581-3/" - }, - { - "name" : "USN-3582-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3582-1/" - }, - { - "name" : "USN-3582-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3582-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483" + }, + { + "name": "USN-3582-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3582-1/" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + }, + { + "name": "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483" + }, + { + "name": "USN-3581-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3581-1/" + }, + { + "name": "USN-3581-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3581-3/" + }, + { + "name": "USN-3581-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3581-2/" + }, + { + "name": "DSA-4073", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4073" + }, + { + "name": "RHSA-2018:0502", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0502" + }, + { + "name": "USN-3582-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3582-2/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17910.json b/2017/17xxx/CVE-2017-17910.json index af3263123e6..89157137a9d 100644 --- a/2017/17xxx/CVE-2017-17910.json +++ b/2017/17xxx/CVE-2017-17910.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well (\"wireless cloning\"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf", - "refsource" : "MISC", - "url" : "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf" - }, - { - "name" : "https://www.trustworks.at/publications", - "refsource" : "MISC", - "url" : "https://www.trustworks.at/publications" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well (\"wireless cloning\"). 
To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustworks.at/publications", + "refsource": "MISC", + "url": "https://www.trustworks.at/publications" + }, + { + "name": "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf", + "refsource": "MISC", + "url": "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17939.json b/2017/17xxx/CVE-2017-17939.json index e5bbd349fda..694cdd4edbc 100644 --- a/2017/17xxx/CVE-2017-17939.json +++ b/2017/17xxx/CVE-2017-17939.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9019.json b/2017/9xxx/CVE-2017-9019.json index ba2f3e05a6b..8fe3b380298 100644 --- a/2017/9xxx/CVE-2017-9019.json +++ b/2017/9xxx/CVE-2017-9019.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9019", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9019", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9029.json b/2017/9xxx/CVE-2017-9029.json index 92a3843fdf5..e83a34d9f72 100644 --- a/2017/9xxx/CVE-2017-9029.json +++ b/2017/9xxx/CVE-2017-9029.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9029", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9029", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9525.json b/2017/9xxx/CVE-2017-9525.json index e8a35cc16f1..3da0c4be457 100644 --- a/2017/9xxx/CVE-2017-9525.json +++ b/2017/9xxx/CVE-2017-9525.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/864466", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/864466" - }, - { - "name" : "http://www.openwall.com/lists/oss-security/2017/06/08/3", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/06/08/3" - }, - { - "name" : "1038651", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script 
allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/864466", + "refsource": "MISC", + "url": "http://bugs.debian.org/864466" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/06/08/3", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/06/08/3" + }, + { + "name": "1038651", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038651" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9835.json b/2017/9xxx/CVE-2017-9835.json index debfa3bea64..2ccb88657de 100644 --- a/2017/9xxx/CVE-2017-9835.json +++ b/2017/9xxx/CVE-2017-9835.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697985", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697985" - }, - { - "name" : "DSA-3986", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3986" - }, - { - "name" : "GLSA-201811-12", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201811-12" - }, - { - "name" : "99991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-12" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697985", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697985" + }, + { + "name": "DSA-3986", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3986" + }, + { + "name": "99991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99991" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0564.json b/2018/0xxx/CVE-2018-0564.json index 207db2a39da..577c6259cfa 100644 --- a/2018/0xxx/CVE-2018-0564.json +++ b/2018/0xxx/CVE-2018-0564.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EC-CUBE", - "version" : { - "version_data" : [ - { - "version_value" : "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)" - } - ] - } - } - ] - }, - "vendor_name" : "LOCKON CO.,LTD." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Session fixation" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EC-CUBE", + "version": { + "version_data": [ + { + "version_value": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)" + } + ] + } + } + ] + }, + "vendor_name": "LOCKON CO.,LTD." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ec-cube.net/info/weakness/20180416/", - "refsource" : "CONFIRM", - "url" : "https://www.ec-cube.net/info/weakness/20180416/" - }, - { - "name" : "JVN#52695336", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN52695336/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Session fixation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ec-cube.net/info/weakness/20180416/", + "refsource": "CONFIRM", + "url": "https://www.ec-cube.net/info/weakness/20180416/" + }, + { + "name": "JVN#52695336", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN52695336/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0605.json b/2018/0xxx/CVE-2018-0605.json index 372d917acf7..63979d2e92b 100644 --- a/2018/0xxx/CVE-2018-0605.json +++ b/2018/0xxx/CVE-2018-0605.json 
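Review bot: The reformatted `version_value` and the description `value` in CVE-2018-0564.json both still carry `EC-CUBE 3..4`, which sits between `EC-CUBE 3.0.3` and `EC-CUBE 3.0.5` and is presumably meant to be `EC-CUBE 3.0.4`; confirm against the vendor advisory or JVN#52695336 before changing it. As written, tooling that compares an installed version against this string may not match a 3.0.4 install. The field also packs the whole release list into one parenthesised string. One `version_value` entry per release under `version_data`, as the IBM records later in this diff do, would make the affected set machine-readable.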
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pixelpost", - "version" : { - "version_data" : [ - { - "version_value" : "v1.7.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Pixelpost.org" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pixelpost", + "version": { + "version_data": [ + { + "version_value": "v1.7.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Pixelpost.org" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#27978559", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN27978559/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#27978559", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN27978559/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0716.json b/2018/0xxx/CVE-2018-0716.json index 361c24d0435..40f953056f0 100644 --- a/2018/0xxx/CVE-2018-0716.json +++ b/2018/0xxx/CVE-2018-0716.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "ID" : "CVE-2018-0716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Qsync Central", - "version" : { - "version_data" : [ - { - "version_value" : "QTS 4.2.6 build 20180711, QTS 4.3.3 Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5 Qsync Central 3.0.4 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "ID": "CVE-2018-0716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Qsync Central", + "version": { + "version_data": [ + { + "version_value": "QTS 4.2.6 build 20180711, QTS 4.3.3 Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5 Qsync Central 3.0.4 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18385.json b/2018/18xxx/CVE-2018-18385.json index c8d9b919415..8bc4faffedc 100644 --- a/2018/18xxx/CVE-2018-18385.json +++ b/2018/18xxx/CVE-2018-18385.json 
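Review bot: The `version_value` string in CVE-2018-0716.json is punctuated differently from the description it mirrors: `QTS 4.3.3 Qsync Central 3.0.2` and `QTS 4.3.5 Qsync Central 3.0.4` lack the colon that `QTS 4.3.4: Qsync Central 3.0.3` has and that all three pairs have in the description. The only non-whitespace change in this hunk is the `ASSIGNER` address, so the inconsistency is carried over unchanged. Anything that tries to read the QTS-to-Qsync pairing from this field needs two patterns for what looks like one format. Normalising the entries to the description's form, e.g. `QTS 4.3.3: Qsync Central 3.0.2`, would keep the two fields in step.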
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/asciidoctor/asciidoctor/issues/2888", - "refsource" : "MISC", - "url" : "https://github.com/asciidoctor/asciidoctor/issues/2888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). 
The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/asciidoctor/asciidoctor/issues/2888", + "refsource": "MISC", + "url": "https://github.com/asciidoctor/asciidoctor/issues/2888" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19346.json b/2018/19xxx/CVE-2018-19346.json index 0753301fbe8..7e096bd4390 100644 --- a/2018/19xxx/CVE-2018-19346.json +++ b/2018/19xxx/CVE-2018-19346.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html", - "refsource" : "MISC", - "url" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html" - }, - { - "name" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/", - "refsource" : "MISC", - "url" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html", + "refsource": "MISC", + "url": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html" + }, + { + "name": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/", + "refsource": "MISC", + "url": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1208.json b/2018/1xxx/CVE-2018-1208.json index d587191eeca..45cfcfb58c2 100644 --- a/2018/1xxx/CVE-2018-1208.json +++ b/2018/1xxx/CVE-2018-1208.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1208", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1208", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1322.json b/2018/1xxx/CVE-2018-1322.json index bc994ab5092..e69c8ffc0dd 100644 --- a/2018/1xxx/CVE-2018-1322.json +++ b/2018/1xxx/CVE-2018-1322.json 
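Review bot: The new side of CVE-2018-1208.json orders its keys differently from every other record in this part of the diff. Here `data_type`, `data_format` and `data_version` come first and `CVE_data_meta` lists `ID` before `ASSIGNER`, while the other files open with `CVE_data_meta` and keep keys alphabetical. JSON key order carries no meaning, but the difference suggests this file went through a different writer than the rest, and it will probably show up as diff churn the next time the bulk formatter touches it. Consider serializing it with the same sorted-key settings, so the object opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`.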
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-03-21T00:00:00", - "ID" : "CVE-2018-1322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Syncope", - "version" : { - "version_data" : [ - { - "version_value" : "Releases prior to 1.2.11, Releases prior to 2.0.8" - }, - { - "version_value" : "The unsupported Releases 1.0.x, 1.1.x may be also affected." - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-03-21T00:00:00", + "ID": "CVE-2018-1322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Syncope", + "version": { + "version_data": [ + { + "version_value": "Releases prior to 1.2.11, Releases prior to 2.0.8" + }, + { + "version_value": "The unsupported Releases 1.0.x, 1.1.x may be also affected." 
+ } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45400", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45400/" - }, - { - "name" : "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting", - "refsource" : "MISC", - "url" : "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting" - }, - { - "name" : "103507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting", + "refsource": "MISC", + "url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting" + }, + { + "name": "103507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103507" + }, + { + "name": "45400", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45400/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1607.json b/2018/1xxx/CVE-2018-1607.json index 768f43ac625..a02c0ff3758 100644 --- a/2018/1xxx/CVE-2018-1607.json +++ b/2018/1xxx/CVE-2018-1607.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-20T00:00:00", - "ID" : "CVE-2018-1607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Engineering Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "5.01" - }, - { - "version_value" : "5.02" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "L", - "AC" : "L", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "L", - "S" : "U", - "SCORE" : "7.100", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-09-20T00:00:00", + "ID": "CVE-2018-1607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Engineering Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "5.01" + }, + { + "version_value": "5.02" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" - }, - { - "name" : "ibm-relm-cve20181607-xxe(143797)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "AC": "L", + "AV": "N", + "C": "H", + "I": "N", + "PR": "L", + "S": "U", + "SCORE": "7.100", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10731511", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731511" + }, + { + "name": "ibm-relm-cve20181607-xxe(143797)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143797" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1610.json b/2018/1xxx/CVE-2018-1610.json index 3b18ae025f7..638f87daf12 100644 --- a/2018/1xxx/CVE-2018-1610.json +++ b/2018/1xxx/CVE-2018-1610.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-21T00:00:00", - "ID" : "CVE-2018-1610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-09-21T00:00:00", + "ID": "CVE-2018-1610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10719841", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10719841" - }, - { - "name" : "ibm-dng-cve20181610-xss(143931)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-dng-cve20181610-xss(143931)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143931" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10719841", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719841" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1633.json b/2018/1xxx/CVE-2018-1633.json index b3a1367a635..ffe2fa9bfa7 100644 --- a/2018/1xxx/CVE-2018-1633.json +++ b/2018/1xxx/CVE-2018-1633.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1633", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1633", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1680.json b/2018/1xxx/CVE-2018-1680.json index 821408def6f..7f78e69b7b6 100644 --- a/2018/1xxx/CVE-2018-1680.json +++ b/2018/1xxx/CVE-2018-1680.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1680",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1680",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1817.json b/2018/1xxx/CVE-2018-1817.json
index 05ab30681ad..7aed1e324ce 100644
--- a/2018/1xxx/CVE-2018-1817.json
+++ b/2018/1xxx/CVE-2018-1817.json
@@ -1,91 +1,91 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2018-12-11T00:00:00",
- "ID" : "CVE-2018-1817",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Security Guardium",
- "version" : {
- "version_data" : [
- {
- "version_value" : "10"
- },
- {
- "version_value" : "10.5"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021."
- }
- ]
- },
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "A" : "N",
- "AC" : "L",
- "AV" : "N",
- "C" : "L",
- "I" : "L",
- "PR" : "N",
- "S" : "C",
- "SCORE" : "6.100",
- "UI" : "R"
- },
- "TM" : {
- "E" : "H",
- "RC" : "C",
- "RL" : "O"
- }
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Cross-Site Scripting"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2018-12-11T00:00:00",
+ "ID": "CVE-2018-1817",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Security Guardium",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10"
+ },
+ {
+ "version_value": "10.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069",
- "refsource" : "CONFIRM",
- "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069"
- },
- {
- "name" : "ibm-guardium-cve20181817-xss(150021)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150021"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021."
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "A": "N",
+ "AC": "L",
+ "AV": "N",
+ "C": "L",
+ "I": "L",
+ "PR": "N",
+ "S": "C",
+ "SCORE": "6.100",
+ "UI": "R"
+ },
+ "TM": {
+ "E": "H",
+ "RC": "C",
+ "RL": "O"
+ }
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ibm-guardium-cve20181817-xss(150021)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150021"
+ },
+ {
+ "name": "https://www.ibm.com/support/docview.wss?uid=ibm10737069",
+ "refsource": "CONFIRM",
+ "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737069"
+ }
+ ]
+ }
+}
\ No newline at end of file
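Review bot: The `reference_data` array at the end of this hunk swaps its two entries (the XF reference now comes before the CONFIRM one) inside a change that otherwise only normalises the spacing around `:`, so a content change is hidden in a formatting diff. If the reorder is intentional it is worth stating in the commit message or splitting out, because a consumer that compares parsed records to detect advisory updates would see CVE-2018-1817 as modified even though no reference was added or removed. The new side also ends with `\ No newline at end of file` where the old side had a trailing newline, and the CVE-2018-1633 and CVE-2018-1680 hunks do the same. Keeping the final newline would avoid a second round of whole-file churn the next time a tool rewrites these records.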