From a66cd54f4ebbd41c9a66ebffb814e40d70fcdf3f Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 05:09:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/1xxx/CVE-2004-1244.json | 180 ++++++++-------- 2004/1xxx/CVE-2004-1727.json | 160 +++++++-------- 2008/0xxx/CVE-2008-0256.json | 150 +++++++------- 2008/0xxx/CVE-2008-0841.json | 130 ++++++------ 2008/3xxx/CVE-2008-3625.json | 200 +++++++++--------- 2008/4xxx/CVE-2008-4130.json | 200 +++++++++--------- 2008/4xxx/CVE-2008-4240.json | 34 +-- 2008/4xxx/CVE-2008-4416.json | 210 +++++++++---------- 2008/6xxx/CVE-2008-6047.json | 140 ++++++------- 2008/7xxx/CVE-2008-7139.json | 170 +++++++-------- 2008/7xxx/CVE-2008-7313.json | 240 +++++++++++----------- 2013/2xxx/CVE-2013-2654.json | 34 +-- 2013/2xxx/CVE-2013-2688.json | 140 ++++++------- 2013/2xxx/CVE-2013-2745.json | 34 +-- 2013/2xxx/CVE-2013-2771.json | 34 +-- 2013/3xxx/CVE-2013-3043.json | 130 ++++++------ 2013/6xxx/CVE-2013-6007.json | 34 +-- 2013/6xxx/CVE-2013-6393.json | 320 ++++++++++++++--------------- 2013/6xxx/CVE-2013-6530.json | 34 +-- 2013/6xxx/CVE-2013-6850.json | 34 +-- 2013/7xxx/CVE-2013-7439.json | 180 ++++++++-------- 2017/10xxx/CVE-2017-10154.json | 142 ++++++------- 2017/10xxx/CVE-2017-10350.json | 298 +++++++++++++-------------- 2017/10xxx/CVE-2017-10943.json | 130 ++++++------ 2017/14xxx/CVE-2017-14305.json | 120 +++++------ 2017/14xxx/CVE-2017-14384.json | 132 ++++++------ 2017/14xxx/CVE-2017-14463.json | 122 +++++------ 2017/15xxx/CVE-2017-15371.json | 150 +++++++------- 2017/15xxx/CVE-2017-15693.json | 132 ++++++------ 2017/15xxx/CVE-2017-15695.json | 132 ++++++------ 2017/17xxx/CVE-2017-17536.json | 130 ++++++------ 2017/9xxx/CVE-2017-9094.json | 130 ++++++------ 2017/9xxx/CVE-2017-9323.json | 34 +-- 2017/9xxx/CVE-2017-9892.json | 130 ++++++------ 2018/0xxx/CVE-2018-0198.json | 140 ++++++------- 2018/0xxx/CVE-2018-0256.json | 130 ++++++------ 2018/0xxx/CVE-2018-0281.json | 130 ++++++------ 2018/1000xxx/CVE-2018-1000162.json | 136 ++++++------ 2018/1000xxx/CVE-2018-1000642.json | 136 
++++++------ 2018/1000xxx/CVE-2018-1000810.json | 146 ++++++------- 2018/16xxx/CVE-2018-16256.json | 34 +-- 2018/16xxx/CVE-2018-16756.json | 34 +-- 2018/19xxx/CVE-2018-19024.json | 34 +-- 2018/19xxx/CVE-2018-19119.json | 34 +-- 2018/19xxx/CVE-2018-19155.json | 34 +-- 2018/19xxx/CVE-2018-19332.json | 120 +++++------ 2018/19xxx/CVE-2018-19486.json | 170 +++++++-------- 2018/4xxx/CVE-2018-4105.json | 140 ++++++------- 2018/4xxx/CVE-2018-4576.json | 34 +-- 2018/4xxx/CVE-2018-4744.json | 34 +-- 2018/4xxx/CVE-2018-4807.json | 34 +-- 2019/7xxx/CVE-2019-7418.json | 63 +++++- 52 files changed, 3106 insertions(+), 3047 deletions(-)
diff --git a/2004/1xxx/CVE-2004-1244.json b/2004/1xxx/CVE-2004-1244.json
index 632a06e7517..6e1ebbb17cd 100644
--- a/2004/1xxx/CVE-2004-1244.json
+++ b/2004/1xxx/CVE-2004-1244.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the \"PNG Processing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS05-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009" - }, - { - "name" : "VU#259890", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/259890" - }, - { - "name" : "TA05-039A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" - }, - { - "name" : "oval:org.mitre.oval:def:1306", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1306" - }, - { - "name" : "oval:org.mitre.oval:def:1568", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1568" - }, - { - "name" : 
"oval:org.mitre.oval:def:2379", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2379" - }, - { - "name" : "win-ms05kb890261-update(19096)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the \"PNG Processing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#259890", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/259890" + }, + { + "name": "TA05-039A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" + }, + { + "name": "oval:org.mitre.oval:def:1568", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1568" + }, + { + "name": "oval:org.mitre.oval:def:2379", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2379" + }, + { + "name": "MS05-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009" + }, + { + "name": "oval:org.mitre.oval:def:1306", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1306" + }, + { + "name": "win-ms05kb890261-update(19096)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19096" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/1xxx/CVE-2004-1727.json b/2004/1xxx/CVE-2004-1727.json
index 2fb2eee8c9e..645cc8c8da3 100644
--- a/2004/1xxx/CVE-2004-1727.json
+++ b/2004/1xxx/CVE-2004-1727.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040820 BadBlue Webserver v2.5 Denial Of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109309119502208&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00043-08202004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00043-08202004" - }, - { - "name" : "10983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10983" - }, - { - "name" : "12346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12346" - }, - { - "name" : "badblue-mult-connection-dos(17064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10983" + }, + { + "name": "12346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12346" + }, + { + "name": "20040820 BadBlue Webserver v2.5 Denial Of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109309119502208&w=2" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00043-08202004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00043-08202004" + }, + { + "name": "badblue-mult-connection-dos(17064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17064" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0256.json b/2008/0xxx/CVE-2008-0256.json index c00389ea4b7..4b61c509b3c 100644 --- a/2008/0xxx/CVE-2008-0256.json +++ b/2008/0xxx/CVE-2008-0256.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4900", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4900" - }, - { - "name" : "27262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27262" - }, - { - "name" : "28447", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28447" - }, - { - "name" : "aspphotogallery-multiple-sql-injection(39646)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection 
vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28447", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28447" + }, + { + "name": "4900", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4900" + }, + { + "name": "27262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27262" + }, + { + "name": "aspphotogallery-multiple-sql-injection(39646)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39646" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0841.json b/2008/0xxx/CVE-2008-0841.json index 0faabd919b2..2e4c10e0752 100644 --- a/2008/0xxx/CVE-2008-0841.json +++ b/2008/0xxx/CVE-2008-0841.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5133", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5133" - }, - { - "name" : "27834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27834" + }, + { + "name": "5133", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5133" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3625.json b/2008/3xxx/CVE-2008-3625.json index 15be37e23a5..33dbdc7beb6 100644 --- a/2008/3xxx/CVE-2008-3625.json +++ b/2008/3xxx/CVE-2008-3625.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080909 ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496161/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-058/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-058/" - }, - { - "name" : "http://support.apple.com/kb/HT3027", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3027" - }, - { - "name" : "APPLE-SA-2008-09-09", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html" - }, - { - "name" : "31086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31086" - }, - { - "name" : "oval:org.mitre.oval:def:15935", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15935" - }, - { - "name" : "ADV-2008-2527", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2527" - }, - { - "name" : "1020841", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020841" - }, - { - "name" : "31821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31086" + }, + { + "name": "oval:org.mitre.oval:def:15935", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15935" + }, + { + "name": "ADV-2008-2527", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2527" + }, + { + "name": "APPLE-SA-2008-09-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html" + }, + { + "name": "1020841", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020841" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-058/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-058/" + }, + { + "name": "20080909 ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496161/100/0/threaded" + }, + { + "name": "http://support.apple.com/kb/HT3027", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3027" + }, + { + "name": "31821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31821" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4130.json b/2008/4xxx/CVE-2008-4130.json index 3d6b10b60dd..6eafecbfc0e 100644 --- a/2008/4xxx/CVE-2008-4130.json +++ b/2008/4xxx/CVE-2008-4130.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_2.2.6_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.2.6_released" - }, - { - "name" : "FEDORA-2008-11230", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html" - }, - { - "name" : "FEDORA-2008-11258", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html" - }, - { - "name" : "GLSA-200811-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-02.xml" - }, - { - "name" : "31231", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/31231" - }, - { - "name" : "31858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31858" - }, - { - "name" : "32662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32662" - }, - { - "name" : "33144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33144" - }, - { - "name" : "gallery-flashanimations-xss(45227)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200811-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml" + }, + { + "name": "33144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33144" + }, + { + "name": "31858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31858" + }, + { + "name": "32662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32662" + }, + { + "name": "FEDORA-2008-11258", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html" + }, + { + "name": "gallery-flashanimations-xss(45227)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227" + }, + { + "name": "31231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31231" + }, + { + "name": 
"http://gallery.menalto.com/gallery_2.2.6_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.2.6_released" + }, + { + "name": "FEDORA-2008-11230", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4240.json b/2008/4xxx/CVE-2008-4240.json index e1723e98317..24543b8a8e1 100644 --- a/2008/4xxx/CVE-2008-4240.json +++ b/2008/4xxx/CVE-2008-4240.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4240", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4240", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4416.json b/2008/4xxx/CVE-2008-4416.json index eee409a99fc..7c17bfc82ae 100644 --- a/2008/4xxx/CVE-2008-4416.json +++ b/2008/4xxx/CVE-2008-4416.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02389", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122832651727633&w=2" - }, - { - "name" : "SSRT080141", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122832651727633&w=2" - }, - { - "name" : "32601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32601" - }, - { - "name" : "oval:org.mitre.oval:def:6077", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6077" - }, - { - "name" : "ADV-2008-3331", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3331" - }, - { - "name" : "50409", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50409" - }, - { - "name" : "1021297", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1021297" - }, - { - "name" : "32969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32969" - }, - { - "name" : "4686", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4686" - }, - { - "name" : "hpux-unspecified-dos-var1(47012)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32601" + }, + { + "name": "4686", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4686" + }, + { + "name": "oval:org.mitre.oval:def:6077", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6077" + }, + { + "name": "SSRT080141", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122832651727633&w=2" + }, + { + "name": "1021297", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021297" + }, + { + "name": "HPSBUX02389", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122832651727633&w=2" + }, + { + "name": "hpux-unspecified-dos-var1(47012)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47012" + }, + { + "name": "ADV-2008-3331", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3331" + }, + { + "name": "32969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32969" + }, + { + "name": "50409", 
+ "refsource": "OSVDB", + "url": "http://osvdb.org/50409" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6047.json b/2008/6xxx/CVE-2008-6047.json index db757c1ea65..ce2c428b295 100644 --- a/2008/6xxx/CVE-2008-6047.json +++ b/2008/6xxx/CVE-2008-6047.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=647876", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=647876" - }, - { - "name" : "32903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32903" - }, - { - "name" : "33224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) 
subscribing and (2) unsubscribing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32903" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=647876", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=647876" + }, + { + "name": "33224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33224" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7139.json b/2008/7xxx/CVE-2008-7139.json index 2eacf202ec9..ee04a445432 100644 --- a/2008/7xxx/CVE-2008-7139.json +++ b/2008/7xxx/CVE-2008-7139.json 
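Review bot: The new side of `CVE-2008-6047.json` ends with `\ No newline at end of file` after the closing `}`, where the old side ended with a newline. Line-oriented tools that concatenate or count these records expect the final newline, and any later change to the last line will show up as a two-line edit. The same marker follows every other file visible in this part of the patch (for example `CVE-2008-7139.json`, `CVE-2008-7313.json` and `CVE-2013-2688.json`), so the fix presumably belongs in whatever serializer wrote them: emit a single `\n` after the final `}`.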
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489045/100/0/threaded" - }, - { - "name" : "http://www.informit.com/articles/article.aspx?p=1177111", - "refsource" : "MISC", - "url" : "http://www.informit.com/articles/article.aspx?p=1177111" - }, - { - "name" : "28085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28085" - }, - { - "name" : "42718", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42718" - }, - { - "name" : "29221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29221" - }, - { - "name" : "eyefimanager-wsproxy-csrf(40995)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the 
image upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28085" + }, + { + "name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded" + }, + { + "name": "http://www.informit.com/articles/article.aspx?p=1177111", + "refsource": "MISC", + "url": "http://www.informit.com/articles/article.aspx?p=1177111" + }, + { + "name": "29221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29221" + }, + { + "name": "eyefimanager-wsproxy-csrf(40995)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40995" + }, + { + "name": "42718", + "refsource": "OSVDB", + "url": "http://osvdb.org/42718" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7313.json b/2008/7xxx/CVE-2008-7313.json index 4e10c419bad..8fd66925cae 100644 --- a/2008/7xxx/CVE-2008-7313.json +++ b/2008/7xxx/CVE-2008-7313.json 
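Review bot: The `reference_data` array in `CVE-2008-7139.json` comes out in a different order (the BID entry moves first, the OSVDB entry moves last) although, as far as this hunk shows, the same six entries with the same `name`/`refsource`/`url` values are present on both sides. Together with the `" : "` to `": "` separator change on every line, this means a reader cannot tell by eye whether a reference was dropped or a URL altered. Emitting the array in a stable order, for instance sorted by `refsource` and then `name`, would keep future synchronisation diffs down to real changes. `CVE-2008-6047.json`, `CVE-2008-7313.json`, `CVE-2013-3043.json` and `CVE-2013-6393.json` are reshuffled the same way, and `CVE-2013-6007.json` and `CVE-2013-6530.json` additionally get their top-level keys in a different order from the other records.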
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/09/11" - }, - { - "name" : "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/16/10" - }, - { - "name" : "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/18/2" - }, - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264", - "refsource" : "MISC", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" - }, - { - 
"name" : "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27", - "refsource" : "CONFIRM", - "url" : "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1121497", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" - }, - { - "name" : "GLSA-201702-26", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-26" - }, - { - "name" : "RHSA-2017:0211", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2017-0211.html" - }, - { - "name" : "RHSA-2017:0212", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2017-0212.html" - }, - { - "name" : "RHSA-2017:0213", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2017-0213.html" - }, - { - "name" : "RHSA-2017:0214", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2017-0214.html" - }, - { - "name" : "68776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68776" - }, - { - "name" : "snoopy-cve20087313-command-exec(94737)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" + }, + { + "name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" + }, + { + "name": "68776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68776" + }, + { + "name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" + }, + { + "name": "snoopy-cve20087313-command-exec(94737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264", + "refsource": "MISC", + "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" + }, + { + "name": "RHSA-2017:0213", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html" + }, + { + "name": "RHSA-2017:0211", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html" + }, + { + "name": "RHSA-2017:0212", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html" + }, + { + "name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27", + "refsource": "CONFIRM", + "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" + }, + { + "name": "GLSA-201702-26", + 
"refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-26" + }, + { + "name": "RHSA-2017:0214", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2654.json b/2013/2xxx/CVE-2013-2654.json index 0067bb0268e..7b6f6e6eb4a 100644 --- a/2013/2xxx/CVE-2013-2654.json +++ b/2013/2xxx/CVE-2013-2654.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2654", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2654", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2688.json b/2013/2xxx/CVE-2013-2688.json index 11a04038420..9a4bbb2fe01 100644 --- a/2013/2xxx/CVE-2013-2688.json +++ b/2013/2xxx/CVE-2013-2688.json 
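Review bot: The description string on the new side of `CVE-2008-7313.json` still reads `this issue exists dues to an incomplete fix for CVE-2008-4796`, where `dues` should be `due`. Since every line of the record is rewritten here anyway, this would be the place to correct it: `NOTE: this issue exists due to an incomplete fix for CVE-2008-4796.` The description also gives no affected version for Snoopy, and `product_name` and `version_value` stay `n/a`, so consumers have only the linked advisories to decide whether a given deployment is covered.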
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/qnxph_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/qnxph_1-adv.txt" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01" - }, - { - "name" : "http://www.qnx.com/download/feature.html?programid=24850", - "refsource" : "CONFIRM", - "url" : "http://www.qnx.com/download/feature.html?programid=24850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01" + }, + { + "name": "http://www.qnx.com/download/feature.html?programid=24850", + "refsource": "CONFIRM", + "url": "http://www.qnx.com/download/feature.html?programid=24850" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2745.json b/2013/2xxx/CVE-2013-2745.json index 979f17a4fb3..a82d32fbe5e 100644 --- a/2013/2xxx/CVE-2013-2745.json +++ b/2013/2xxx/CVE-2013-2745.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2771.json b/2013/2xxx/CVE-2013-2771.json index 67ddd2df16c..ff8779a1a8a 100644 --- a/2013/2xxx/CVE-2013-2771.json +++ b/2013/2xxx/CVE-2013-2771.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2771", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2771", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3043.json b/2013/3xxx/CVE-2013-3043.json index b731110728e..9d9bb223f9e 100644 --- a/2013/3xxx/CVE-2013-3043.json +++ b/2013/3xxx/CVE-2013-3043.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655724", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655724" - }, - { - "name" : "rhapsody-dm-cve20133043-client-dir-trav(84769)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via 
vectors involving temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6007.json b/2013/6xxx/CVE-2013-6007.json index fddd2ff88f2..a47db9366db 100644 --- a/2013/6xxx/CVE-2013-6007.json +++ b/2013/6xxx/CVE-2013-6007.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6007", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6007", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6393.json b/2013/6xxx/CVE-2013-6393.json index 7351a9507cf..f7aa202ad8a 100644 --- a/2013/6xxx/CVE-2013-6393.json +++ b/2013/6xxx/CVE-2013-6393.json 
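Review bot: `ASSIGNER` in `CVE-2013-3043.json` changes from `cve@mitre.org` to `psirt@us.ibm.com`, which is the one value change in this hunk and is not mentioned in the commit subject (`"-Synchronized-Data."`). It sits among dozens of lines of separator and indentation changes, so it is easy to miss, and the assigner is a provenance field that downstream consumers may rely on to decide who is authoritative for the record. `CVE-2013-6393.json` (`secalert@redhat.com`) and `CVE-2013-7439.json` (`security@ubuntu.com`, whose hunk continues past this view) get the same kind of change. Splitting the reformatting from the data change, or at least listing the reassigned IDs in the commit message, would let a reviewer confirm each new assigner against the organisation that published the linked advisory.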
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff" - }, - { - "name" : "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", - "refsource" : "CONFIRM", - "url" : "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033990" - }, - { - "name" : "https://support.apple.com/kb/HT6536", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/kb/HT6536" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0040.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0040.html" - }, - { - "name" : "https://puppet.com/security/cve/cve-2013-6393", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2013-6393" - }, - { - "name" : "APPLE-SA-2014-04-22-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" - }, - { - "name" : "APPLE-SA-2014-10-16-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" - }, - { - "name" : "DSA-2850", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2850" - }, - { - "name" : "DSA-2870", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2870" - }, - { - "name" : "MDVSA-2015:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060" - }, - { - "name" : "RHSA-2014:0353", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0353.html" - }, - { - "name" : "RHSA-2014:0354", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0354.html" - }, - { - "name" : "RHSA-2014:0355", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0355.html" - }, - { - "name" : "openSUSE-SU-2014:0272", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html" - }, - { - "name" : "openSUSE-SU-2014:0273", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html" - }, - { - "name" : "openSUSE-SU-2015:0319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html" - }, - { - "name" : "openSUSE-SU-2016:1067", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html" - }, - { - "name" : 
"USN-2098-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2098-1" - }, - { - "name" : "65258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65258" - }, - { - "name" : "102716", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0273", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html" + }, + { + "name": "DSA-2870", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2870" + }, + { + "name": "APPLE-SA-2014-10-16-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990" + }, + { + "name": "APPLE-SA-2014-04-22-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" + }, + { + "name": "102716", + "refsource": "OSVDB", + "url": "http://osvdb.org/102716" + }, + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff" + }, + { + "name": "MDVSA-2015:060", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:060" + }, + { + "name": "65258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65258" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0040.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0040.html" + }, + { + "name": "openSUSE-SU-2015:0319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html" + }, + { + "name": "RHSA-2014:0355", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html" + }, + { + "name": "openSUSE-SU-2014:0272", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html" + }, + { + "name": "RHSA-2014:0354", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html" + }, + { + "name": "https://support.apple.com/kb/HT6536", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6536" + }, + { + "name": "openSUSE-SU-2016:1067", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html" + }, + { + "name": "DSA-2850", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2850" + }, + { + "name": "RHSA-2014:0353", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html" + }, + { + "name": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", + "refsource": "CONFIRM", + "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5" + }, + { + "name": "https://puppet.com/security/cve/cve-2013-6393", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2013-6393" + }, + { + "name": "USN-2098-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2098-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6530.json b/2013/6xxx/CVE-2013-6530.json index 964bd7fd841..be3adbdb1f4 100644 --- a/2013/6xxx/CVE-2013-6530.json 
+++ b/2013/6xxx/CVE-2013-6530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6530", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6530", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6850.json b/2013/6xxx/CVE-2013-6850.json index 660299e14c6..2d5ceb3c0a6 100644 --- a/2013/6xxx/CVE-2013-6850.json +++ b/2013/6xxx/CVE-2013-6850.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6850", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6850", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7439.json b/2013/7xxx/CVE-2013-7439.json index 3a3ca49d2f6..e82a39d0b6e 100644 --- a/2013/7xxx/CVE-2013-7439.json +++ b/2013/7xxx/CVE-2013-7439.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2013-7439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150409 Re: CVE Request: libX11: buffer overflow in MakeBigReq macro", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q2/81" - }, - { - "name" : "[xorg-announce] 20150414 [ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro", - "refsource" : "MLIST", - "url" : "http://lists.x.org/archives/xorg-announce/2015-April/002561.html" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=56508", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=56508" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - 
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "DSA-3224", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3224" - }, - { - "name" : "USN-2568-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2568-1" - }, - { - "name" : "73962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2568-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2568-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "73962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73962" + }, + { + "name": "DSA-3224", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3224" + }, + { + "name": "[oss-security] 20150409 Re: CVE Request: libX11: buffer overflow in MakeBigReq macro", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q2/81" + }, + { + "name": "[xorg-announce] 20150414 [ANNOUNCE] X.Org Security Advisory: Buffer overflow in MakeBigReq macro", + "refsource": "MLIST", + "url": "http://lists.x.org/archives/xorg-announce/2015-April/002561.html" + }, + { + "name": 
"https://bugs.freedesktop.org/show_bug.cgi?id=56508", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=56508" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10154.json b/2017/10xxx/CVE-2017-10154.json index 48fba6ef0f8..886d2fdef40 100644 --- a/2017/10xxx/CVE-2017-10154.json +++ b/2017/10xxx/CVE-2017-10154.json 
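Review bot: The `ASSIGNER` value in `CVE_data_meta` at the top of this hunk changes from `cve@mitre.org` to `"ASSIGNER": "security@ubuntu.com"`, a provenance change that is easy to miss because the rest of the hunk appears to differ only in spacing, the order of the `reference_data` entries and the dropped final newline. The commit subject ("-Synchronized-Data.") does not record it, so anyone auditing which CNA is responsible for CVE-2013-7439 has to compare the record field by field. The reassignment may well be intended (the record cites USN-2568-1), but the diff alone cannot confirm that. Landing such field changes separately from the formatting pass, or naming them in the commit message, would keep them reviewable. Consumers that filter or attribute records by `ASSIGNER` should expect this record to move.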
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.2.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Access Manager accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.2.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101386" - }, - { - "name" : "1039607", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Access Manager accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101386" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "1039607", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039607" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10350.json b/2017/10xxx/CVE-2017-10350.json index 1e326d3ee64..418b726f797 100644 --- a/2017/10xxx/CVE-2017-10350.json +++ b/2017/10xxx/CVE-2017-10350.json 
@@ -1,151 +1,151 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 7u151" - }, - { - "version_affected" : "=", - "version_value" : "8u144" - }, - { - "version_affected" : "=", - "version_value" : "9; Java SE Embedded: 8u144" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 7u151" + }, + { + "version_affected": "=", + "version_value": "8u144" + }, + { + "version_affected": "=", + "version_value": "9; Java SE Embedded: 8u144" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0001/" - }, - { - "name" : "DSA-4015", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4015" - }, - { - "name" : "DSA-4048", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4048" - }, - { - "name" : "GLSA-201710-31", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-31" - }, - { - "name" : 
"GLSA-201711-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-14" - }, - { - "name" : "RHSA-2017:3264", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3264" - }, - { - "name" : "RHSA-2017:3267", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3267" - }, - { - "name" : "RHSA-2017:3268", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3268" - }, - { - "name" : "RHSA-2017:2998", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2998" - }, - { - "name" : "RHSA-2017:3392", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3392" - }, - { - "name" : "RHSA-2017:3046", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3046" - }, - { - "name" : "RHSA-2017:2999", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2999" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "101341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101341" - }, - { - "name" : "1039596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201711-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-14" + }, + { + "name": "101341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101341" + }, + { + "name": "DSA-4015", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4015" + }, + { + "name": "RHSA-2017:3267", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3267" + }, + { + "name": "RHSA-2017:2998", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2998" + }, + { + "name": "RHSA-2017:3268", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3268" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2017:3046", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2017:3046" + }, + { + "name": "1039596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039596" + }, + { + "name": "GLSA-201710-31", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-31" + }, + { + "name": "RHSA-2017:3264", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3264" + }, + { + "name": "DSA-4048", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4048" + }, + { + "name": "RHSA-2017:3453", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3453" + }, + { + "name": "RHSA-2017:3392", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3392" + }, + { + "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" + }, + { + "name": "RHSA-2017:2999", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2999" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10943.json b/2017/10xxx/CVE-2017-10943.json index 4dcdb6523c2..b214e7235e8 100644 --- a/2017/10xxx/CVE-2017-10943.json +++ b/2017/10xxx/CVE-2017-10943.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-10943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.0.14878" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4738." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-10943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.0.14878" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-456", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-456" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4738." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-456", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-456" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14305.json b/2017/14xxx/CVE-2017-14305.json index 01620a8566e..0cfd6d7c3e4 100644 --- a/2017/14xxx/CVE-2017-14305.json +++ b/2017/14xxx/CVE-2017-14305.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14305", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578.\"" + } + ] + }, + "problemtype": { + 
"problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14305", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14305" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14384.json b/2017/14xxx/CVE-2017-14384.json index bf2523436cd..2a594e46f3a 100644 --- a/2017/14xxx/CVE-2017-14384.json +++ b/2017/14xxx/CVE-2017-14384.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2017-12-05T00:00:00", - "ID" : "CVE-2017-14384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell Storage Manager", - "version" : { - "version_data" : [ - { - "version_value" : "earlier than 16.3.20" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2017-12-05T00:00:00", + "ID": "CVE-2017-14384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell Storage Manager", + "version": { + "version_data": [ + { + "version_value": "earlier than 16.3.20" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf", - "refsource" : "CONFIRM", - "url" : "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" - }, - { - "name" : "103467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103467" + }, + { + "name": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf", + "refsource": "CONFIRM", + "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14463.json b/2017/14xxx/CVE-2017-14463.json index 6911229d1d0..de6f32972d4 100644 --- a/2017/14xxx/CVE-2017-14463.json +++ b/2017/14xxx/CVE-2017-14463.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-03-28T00:00:00", - "ID" : "CVE-2017-14463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Allen Bradley", - "version" : { - "version_data" : [ - { - "version_value" : "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-03-28T00:00:00", + "ID": "CVE-2017-14463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Allen Bradley", + "version": { + "version_data": [ + { + "version_value": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15371.json b/2017/15xxx/CVE-2017-15371.json index b8a9f14a3a1..f1b51d4b730 100644 --- a/2017/15xxx/CVE-2017-15371.json +++ b/2017/15xxx/CVE-2017-15371.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171130 [SECURITY] [DLA 1197-1] sox security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html" - }, - { - "name" : "[debian-lts-announce] 20190305 [SECURITY] [DLA 1705-1] sox security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1500570", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1500570" - }, - { - "name" : "GLSA-201810-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-02" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1197-1] sox security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html" + }, + { + "name": "GLSA-201810-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-02" + }, + { + "name": "[debian-lts-announce] 20190305 [SECURITY] [DLA 1705-1] sox security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500570", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500570" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15693.json b/2017/15xxx/CVE-2017-15693.json index 56f29632263..0289631d3ba 100644 --- a/2017/15xxx/CVE-2017-15693.json +++ b/2017/15xxx/CVE-2017-15693.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-02-23T00:00:00", - "ID" : "CVE-2017-15693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Geode", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0 to 1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-02-23T00:00:00", + "ID": "CVE-2017-15693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Geode", + "version": { + "version_data": [ + { + "version_value": "1.0.0 to 1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[user] 20180223 [SECURITY] CVE-2017-15693 Apache Geode unsafe deserialization of application objects", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/cc3ec1d06062f54fdaa0357874c1d148fc54bb955f2d2df4ca328a3d@%3Cuser.geode.apache.org%3E" - }, - { - "name" : "103206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103206" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103206" + }, + { + "name": "[user] 20180223 [SECURITY] CVE-2017-15693 Apache Geode unsafe deserialization of application objects", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/cc3ec1d06062f54fdaa0357874c1d148fc54bb955f2d2df4ca328a3d@%3Cuser.geode.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15695.json b/2017/15xxx/CVE-2017-15695.json index b87cdcfbc7c..146c4ba16e4 100644 --- a/2017/15xxx/CVE-2017-15695.json +++ b/2017/15xxx/CVE-2017-15695.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-06-12T00:00:00", - "ID" : "CVE-2017-15695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Geode", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0 to 1.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-06-12T00:00:00", + "ID": "CVE-2017-15695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Geode", + "version": { + "version_data": [ + { + "version_value": "1.0.0 to 1.4.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[geode-user] 20180612 [SECURITY] CVE-2017-15695 Apache Geode remote code execution vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/dc8875c0b924885a884eba6d5bd7dc3f123411b2d33cffd00e351c99@%3Cuser.geode.apache.org%3E" - }, - { - "name" : "104465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[geode-user] 20180612 [SECURITY] CVE-2017-15695 Apache Geode remote code execution vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/dc8875c0b924885a884eba6d5bd7dc3f123411b2d33cffd00e351c99@%3Cuser.geode.apache.org%3E" + }, + { + "name": "104465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104465" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17536.json b/2017/17xxx/CVE-2017-17536.json index 39ed6ba70db..9de7dd5aa86 100644 --- a/2017/17xxx/CVE-2017-17536.json +++ b/2017/17xxx/CVE-2017-17536.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/288704", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/288704" - }, - { - "name" : "https://secure.phabricator.com/T13012", - "refsource" : "MISC", - "url" : "https://secure.phabricator.com/T13012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or 
--debugger= substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/288704", + "refsource": "MISC", + "url": "https://hackerone.com/reports/288704" + }, + { + "name": "https://secure.phabricator.com/T13012", + "refsource": "MISC", + "url": "https://secure.phabricator.com/T13012" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9094.json b/2017/9xxx/CVE-2017-9094.json index f847b205d1f..93f337ef6c3 100644 --- a/2017/9xxx/CVE-2017-9094.json +++ b/2017/9xxx/CVE-2017-9094.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jsummers/imageworsener/issues/27", - "refsource" : "CONFIRM", - "url" : "https://github.com/jsummers/imageworsener/issues/27" - }, - { - "name" : "98728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98728" + }, + { + "name": "https://github.com/jsummers/imageworsener/issues/27", + "refsource": "CONFIRM", + "url": "https://github.com/jsummers/imageworsener/issues/27" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9323.json b/2017/9xxx/CVE-2017-9323.json index 9d388300794..18bddc88846 100644 --- a/2017/9xxx/CVE-2017-9323.json +++ b/2017/9xxx/CVE-2017-9323.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9323", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-9323", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9892.json b/2017/9xxx/CVE-2017-9892.json index 0a115d34901..000dddef85e 100644 --- a/2017/9xxx/CVE-2017-9892.json +++ b/2017/9xxx/CVE-2017-9892.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9892", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9892" - }, - { - "name" : "http://www.irfanview.com/plugins.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.com/plugins.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via 
a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irfanview.com/plugins.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.com/plugins.htm" + }, + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9892", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9892" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0198.json b/2018/0xxx/CVE-2018-0198.json index 70267846e98..4fbbee60076 100644 --- a/2018/0xxx/CVE-2018-0198.json +++ b/2018/0xxx/CVE-2018-0198.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-693" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1" - }, - { - "name" : "102965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102965" - }, - { - "name" : "1040342", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1" + }, + { + "name": "1040342", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040342" + }, + { + "name": "102965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102965" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0256.json b/2018/0xxx/CVE-2018-0256.json index 6a883cfb403..e9293d8fa2f 100644 --- a/2018/0xxx/CVE-2018-0256.json +++ b/2018/0xxx/CVE-2018-0256.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Packet Data Network Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Packet Data Network Gateway" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect validation of peer-to-peer packet headers. An attacker could exploit this vulnerability by sending a crafted peer-to-peer packet through an affected device. A successful exploit could allow the attacker to cause the SESSMGR process on the affected device to restart unexpectedly, which could briefly impact traffic while the SESSMGR process restarts and result in a DoS condition. Cisco Bug IDs: CSCvg88786." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Packet Data Network Gateway", + "version": { + "version_data": [ + { + "version_value": "Cisco Packet Data Network Gateway" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng" - }, - { - "name" : "103951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect validation of peer-to-peer packet headers. An attacker could exploit this vulnerability by sending a crafted peer-to-peer packet through an affected device. A successful exploit could allow the attacker to cause the SESSMGR process on the affected device to restart unexpectedly, which could briefly impact traffic while the SESSMGR process restarts and result in a DoS condition. Cisco Bug IDs: CSCvg88786." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103951" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0281.json b/2018/0xxx/CVE-2018-0281.json index 0e344c343a6..876e6033adb 100644 --- a/2018/0xxx/CVE-2018-0281.json +++ b/2018/0xxx/CVE-2018-0281.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower System Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower System Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-310" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower System Software", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower System Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos" - }, - { - "name" : "104096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104096" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000162.json b/2018/1000xxx/CVE-2018-1000162.json index b18006d48c3..66193aa94e3 100644 --- a/2018/1000xxx/CVE-2018-1000162.json +++ b/2018/1000xxx/CVE-2018-1000162.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-06T14:09:26.584701", - "DATE_REQUESTED" : "2018-03-29T08:35:18", - "ID" : "CVE-2018-1000162", - "REQUESTER" : "aidantwoods+dwf@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Parsedown", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 1.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "parsedown" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped` for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST boundaries. This vulnerability appears to have been fixed in 1.7.0 and later." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-06T14:09:26.584701", + "DATE_REQUESTED": "2018-03-29T08:35:18", + "ID": "CVE-2018-1000162", + "REQUESTER": "aidantwoods+dwf@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Roave/SecurityAdvisories/issues/44#issuecomment-368594409", - "refsource" : "MISC", - "url" : "https://github.com/Roave/SecurityAdvisories/issues/44#issuecomment-368594409" - }, - { - "name" : "https://github.com/erusev/parsedown/pull/495", - "refsource" : "MISC", - "url" : "https://github.com/erusev/parsedown/pull/495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped` for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST boundaries. This vulnerability appears to have been fixed in 1.7.0 and later." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Roave/SecurityAdvisories/issues/44#issuecomment-368594409", + "refsource": "MISC", + "url": "https://github.com/Roave/SecurityAdvisories/issues/44#issuecomment-368594409" + }, + { + "name": "https://github.com/erusev/parsedown/pull/495", + "refsource": "MISC", + "url": "https://github.com/erusev/parsedown/pull/495" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000642.json b/2018/1000xxx/CVE-2018-1000642.json index b1f78ef4ac4..5f62619eaf5 100644 --- a/2018/1000xxx/CVE-2018-1000642.json +++ b/2018/1000xxx/CVE-2018-1000642.json 
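Review bot: The new side of this hunk drops the record's structured metadata: `"product_name": "Parsedown"`, `"version_value": "prior to version 1.7.0"` and `"vendor_name": "parsedown"` all become `"n/a"`, and the `problemtype` value `"Cross Site Scripting (XSS)"` becomes `"n/a"` as well, alongside the `ASSIGNER` change from `kurt@seifried.org` to `cve@mitre.org`. After this change the affected product and the fixed version survive only in the free-text description, so tooling that matches inventory against `product_data`/`version_data`, or triages by `problemtype`, would presumably stop picking up Parsedown before 1.7.0 from this record. If only the assigner change is intended, I would keep the original values, e.g. `"product_name": "Parsedown"`, `"version_value": "prior to version 1.7.0"` and `"value": "Cross Site Scripting (XSS)"`. The CVE-2018-1000642.json hunk that follows shows the same replacement for FlightAirMap, as far as it is visible here.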
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-19T17:09:33.113772", - "DATE_REQUESTED" : "2018-08-08T13:01:43", - "ID" : "CVE-2018-1000642", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FlightAirMap ", - "version" : { - "version_data" : [ - { - "version_value" : "<=v1.0-beta.21" - } - ] - } - } - ] - }, - "vendor_name" : "FlightAirMap " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-19T17:09:33.113772", + "DATE_REQUESTED": "2018-08-08T13:01:43", + "ID": "CVE-2018-1000642", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/" - }, - { - "name" : "https://github.com/Ysurac/FlightAirMap/issues/410", - "refsource" : "CONFIRM", - "url" : "https://github.com/Ysurac/FlightAirMap/issues/410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Ysurac/FlightAirMap/issues/410", + "refsource": "CONFIRM", + "url": "https://github.com/Ysurac/FlightAirMap/issues/410" + }, + { + "name": "https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000810.json b/2018/1000xxx/CVE-2018-1000810.json index 861dbd2e75b..d4ceb07dd73 100644 --- a/2018/1000xxx/CVE-2018-1000810.json +++ b/2018/1000xxx/CVE-2018-1000810.json 
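Review bot: The new side of this hunk replaces populated `affects` fields with placeholders: `"product_name": "FlightAirMap "`, `"version_value": "<=v1.0-beta.21"` and `"vendor_name": "FlightAirMap "` all become `"n/a"`, and the `problemtype` value `"Cross Site Scripting (XSS)"` becomes `"n/a"`. Any consumer that matches records on the structured vendor, product, version or problem-type fields will stop finding this entry and has to fall back to parsing the free-text description. The CVE-2018-1000810 hunk makes the same replacement (`"The Rust Programming Language"`, `"Standard Library"`, `"CWE-680: Integer Overflow to Buffer Overflow"`). In both hunks `ASSIGNER` also changes from `kurt@seifried.org` to `cve@mitre.org`, so the record no longer shows who assigned the ID. Unless the sync is meant to discard these values, I would keep them, e.g. `"product_name": "FlightAirMap"` and `"value": "Cross Site Scripting (XSS)"`.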
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-10-05T22:22:07.614036", - "DATE_REQUESTED" : "2018-09-21T20:41:05", - "ID" : "CVE-2018-1000810", - "REQUESTER" : "steve@steveklabnik.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Standard Library", - "version" : { - "version_data" : [ - { - "version_value" : "1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Rust Programming Language" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-680: Integer Overflow to Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-10-05T22:22:07.614036", + "DATE_REQUESTED": "2018-09-21T20:41:05", + "ID": "CVE-2018-1000810", + "REQUESTER": "steve@steveklabnik.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html", - "refsource" : "CONFIRM", - "url" : "https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html" - }, - { - "name" : "https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0" - }, - { - "name" : "GLSA-201812-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201812-11" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201812-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201812-11" + }, + { + "name": "https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html", + "refsource": "CONFIRM", + "url": "https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html" + }, + { + "name": "https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16256.json b/2018/16xxx/CVE-2018-16256.json index 67327439552..6bb0a5905c4 100644 --- a/2018/16xxx/CVE-2018-16256.json +++ b/2018/16xxx/CVE-2018-16256.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16256", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16256", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
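Review bot: The description kept on the new side of the CVE-2018-1000810 hunk lists the affected versions as `1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0`; the last four look like dropped dots (presumably 1.27.0, 1.26.2, 1.26.1 and 1.26.0). This hunk also sets `"version_value"` to `"n/a"`, so the description is now the only place the affected range is stated, and the malformed numbers will not match any installed version in a text search. If the upstream record can be corrected, the list should read `1.27.1, 1.27.0, 1.26.2, 1.26.1, 1.26.0`, and "This attack appear" should be "This attack appears".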
diff --git a/2018/16xxx/CVE-2018-16756.json b/2018/16xxx/CVE-2018-16756.json index 9af20fe54a5..d13f9629231 100644 --- a/2018/16xxx/CVE-2018-16756.json +++ b/2018/16xxx/CVE-2018-16756.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16756", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16756", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19024.json b/2018/19xxx/CVE-2018-19024.json index 9f3cf5750cd..ec4fbd441f0 100644 --- a/2018/19xxx/CVE-2018-19024.json +++ b/2018/19xxx/CVE-2018-19024.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19024", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19024", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19119.json b/2018/19xxx/CVE-2018-19119.json index 2feb344a7c6..2499e47fb9e 100644 --- a/2018/19xxx/CVE-2018-19119.json +++ b/2018/19xxx/CVE-2018-19119.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19155.json b/2018/19xxx/CVE-2018-19155.json index 8f416fb5752..28800d22927 100644 --- a/2018/19xxx/CVE-2018-19155.json +++ b/2018/19xxx/CVE-2018-19155.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19155", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19155", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19332.json b/2018/19xxx/CVE-2018-19332.json index b04228a4c53..a602f2413c7 100644 --- a/2018/19xxx/CVE-2018-19332.json +++ b/2018/19xxx/CVE-2018-19332.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmscsrf.html", - "refsource" : "MISC", - "url" : "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmscsrf.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmscsrf.html", + "refsource": "MISC", + "url": "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmscsrf.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19486.json b/2018/19xxx/CVE-2018-19486.json index dfe9bb020b2..60089a9f5fd 100644 --- a/2018/19xxx/CVE-2018-19486.json +++ b/2018/19xxx/CVE-2018-19486.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60" - }, - { - "name" : "https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt" - }, - { - "name" : "RHSA-2018:3800", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3800" - }, - { - "name" : "USN-3829-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3829-1/" - }, - { - "name" : "106020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106020" - }, - { - "name" : "1042166", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60" + }, + { + "name": "106020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106020" + }, + { + "name": "https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt" + }, + { + "name": "1042166", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042166" + }, + { + "name": "RHSA-2018:3800", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3800" + }, + { + "name": "USN-3829-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3829-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4105.json b/2018/4xxx/CVE-2018-4105.json index eadcc780b12..1b0fa209ffe 100644 --- a/2018/4xxx/CVE-2018-4105.json +++ b/2018/4xxx/CVE-2018-4105.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"APFS\" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208692", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208692" - }, - { - "name" : "103582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103582" - }, - { - "name" : "1040608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"APFS\" component. 
It allows attackers to trigger truncation of an APFS volume password via an unspecified injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208692", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208692" + }, + { + "name": "103582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103582" + }, + { + "name": "1040608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040608" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4576.json b/2018/4xxx/CVE-2018-4576.json index 09c1206a1be..74e20b1cb1b 100644 --- a/2018/4xxx/CVE-2018-4576.json +++ b/2018/4xxx/CVE-2018-4576.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4576", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4576", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4744.json b/2018/4xxx/CVE-2018-4744.json index 44d3a2523c0..4e2543ab5fa 100644 
--- a/2018/4xxx/CVE-2018-4744.json +++ b/2018/4xxx/CVE-2018-4744.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4744", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4744", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4807.json b/2018/4xxx/CVE-2018-4807.json index d9685640f1d..9b2cddbe4a9 100644 --- a/2018/4xxx/CVE-2018-4807.json +++ b/2018/4xxx/CVE-2018-4807.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4807", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4807", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7418.json b/2019/7xxx/CVE-2019-7418.json index 00be095142b..420446159c8 100644 --- a/2019/7xxx/CVE-2019-7418.json +++ b/2019/7xxx/CVE-2019-7418.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7418", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters: flag, frame, func, and Nfunc."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
+ },
+ {
+ "url": "http://www.samsungprinter.com/",
+ "refsource": "MISC",
+ "name": "http://www.samsungprinter.com/"
+ },
+ {
+ "url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx",
+ "refsource": "MISC",
+ "name": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20190206 CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421 Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
+ "url": "http://seclists.org/fulldisclosure/2019/Feb/28"
 }
 ]
 }
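Review bot: The newly published record leaves `problemtype` as `"n/a"` even though the added description `value` says the issue is XSS. Setting it to `"value": "CWE-79"`, or to the plain text `"Cross Site Scripting (XSS)"` that older records on this page carried, would make the entry filterable by weakness class. The `affects` block added by the previous hunk of this file is likewise all `"n/a"`, while the description names the product and firmware as `SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015`. Two of the four references (`http://www.samsungprinter.com/` and the `download/index.aspx` page) are generic vendor pages rather than an advisory, so they give a defender nothing to act on. Only the Packet Storm and FULLDISC entries appear to describe the issue.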