From a8b9927743e15252508b82e4f9166eb245ed6203 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:20:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0056.json | 200 +++--- 2008/0xxx/CVE-2008-0548.json | 130 ++-- 2008/0xxx/CVE-2008-0690.json | 130 ++-- 2008/1xxx/CVE-2008-1136.json | 210 +++---- 2008/1xxx/CVE-2008-1375.json | 560 ++++++++--------- 2008/1xxx/CVE-2008-1887.json | 380 ++++++------ 2008/1xxx/CVE-2008-1923.json | 150 ++--- 2008/1xxx/CVE-2008-1991.json | 180 +++--- 2008/4xxx/CVE-2008-4187.json | 140 ++--- 2008/5xxx/CVE-2008-5218.json | 160 ++--- 2008/5xxx/CVE-2008-5355.json | 210 +++---- 2008/5xxx/CVE-2008-5732.json | 170 +++--- 2013/0xxx/CVE-2013-0435.json | 390 ++++++------ 2013/0xxx/CVE-2013-0443.json | 410 ++++++------- 2013/3xxx/CVE-2013-3205.json | 140 ++--- 2013/3xxx/CVE-2013-3957.json | 120 ++-- 2013/3xxx/CVE-2013-3972.json | 150 ++--- 2013/4xxx/CVE-2013-4168.json | 34 +- 2013/4xxx/CVE-2013-4651.json | 120 ++-- 2013/4xxx/CVE-2013-4773.json | 34 +- 2013/4xxx/CVE-2013-4816.json | 34 +- 2013/6xxx/CVE-2013-6265.json | 34 +- 2013/6xxx/CVE-2013-6294.json | 34 +- 2013/6xxx/CVE-2013-6716.json | 34 +- 2017/10xxx/CVE-2017-10689.json | 162 ++--- 2017/10xxx/CVE-2017-10890.json | 200 +++--- 2017/10xxx/CVE-2017-10899.json | 140 ++--- 2017/12xxx/CVE-2017-12494.json | 142 ++--- 2017/12xxx/CVE-2017-12889.json | 34 +- 2017/13xxx/CVE-2017-13289.json | 158 ++--- 2017/13xxx/CVE-2017-13602.json | 34 +- 2017/13xxx/CVE-2017-13631.json | 34 +- 2017/17xxx/CVE-2017-17073.json | 34 +- 2017/17xxx/CVE-2017-17191.json | 34 +- 2017/17xxx/CVE-2017-17529.json | 120 ++-- 2017/17xxx/CVE-2017-17606.json | 130 ++-- 2017/17xxx/CVE-2017-17691.json | 120 ++-- 2017/9xxx/CVE-2017-9927.json | 120 ++-- 2018/0xxx/CVE-2018-0203.json | 140 ++--- 2018/0xxx/CVE-2018-0323.json | 130 ++-- 2018/18xxx/CVE-2018-18413.json | 34 +- 2018/18xxx/CVE-2018-18694.json | 120 ++-- 2018/18xxx/CVE-2018-18902.json | 34 +- 2018/18xxx/CVE-2018-18967.json | 34 +- 2018/19xxx/CVE-2018-19224.json | 120 ++-- 2018/19xxx/CVE-2018-19653.json | 130 ++-- 2018/19xxx/CVE-2018-19929.json | 34 +- 2018/1xxx/CVE-2018-1006.json | 34 +- 2018/1xxx/CVE-2018-1434.json | 1052 ++++++++++++++++---------------- 2018/1xxx/CVE-2018-1546.json | 286 ++++----- 2018/1xxx/CVE-2018-1811.json | 34 +- 2018/1xxx/CVE-2018-1938.json | 182 +++--- 2018/5xxx/CVE-2018-5791.json | 120 ++-- 53 files changed, 4050 insertions(+), 4050 deletions(-) diff --git a/2008/0xxx/CVE-2008-0056.json b/2008/0xxx/CVE-2008-0056.json index e9536b2976a..6a228f122fe 100644 --- a/2008/0xxx/CVE-2008-0056.json +++ b/2008/0xxx/CVE-2008-0056.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a \"long pathname with an unexpected structure\" that triggers the overflow in NSFileManager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "TA08-079A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" - }, - { - "name" : "28304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28304" - }, - { - "name" : "28357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28357" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1019649", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019649" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "macos-foundation-nsfilemanager-bo(41309)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a \"long pathname with an unexpected structure\" that triggers the overflow in NSFileManager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28357" + }, + { + "name": "macos-foundation-nsfilemanager-bo(41309)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41309" + }, + { + "name": "28304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28304" + }, + { + "name": "TA08-079A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "1019649", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019649" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0548.json b/2008/0xxx/CVE-2008-0548.json index beb29bc208b..b7ed6c8fbef 100644 --- a/2008/0xxx/CVE-2008-0548.json +++ b/2008/0xxx/CVE-2008-0548.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/steamcazz-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/steamcazz-adv.txt" - }, - { - "name" : "steamcast-contentlength-dos(39927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/steamcazz-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/steamcazz-adv.txt" + }, + { + "name": "steamcast-contentlength-dos(39927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39927" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0690.json b/2008/0xxx/CVE-2008-0690.json index ced268e007e..dfaabc1de73 100644 --- a/2008/0xxx/CVE-2008-0690.json +++ b/2008/0xxx/CVE-2008-0690.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5047", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5047" - }, - { - "name" : "27585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5047", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5047" + }, + { + "name": "27585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27585" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1136.json b/2008/1xxx/CVE-2008-1136.json index ff975253548..27e2fab5289 100644 --- a/2008/1xxx/CVE-2008-1136.json +++ b/2008/1xxx/CVE-2008-1136.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080107 CORE-2007-1106: SynCE Remote Command Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485884/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=2070", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2070" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=766440", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=766440" - }, - { - "name" : "FEDORA-2008-0680", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00131.html" - }, - { - "name" : "27178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27178" - }, - { - "name" : "28141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28141" - }, - { - "name" : "29228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29228" - }, - { - "name" : "29285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29285" - }, - { - "name" : "3710", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3710" - }, - { - "name" : "synce-vdccm-command-execution(39506)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "synce-vdccm-command-execution(39506)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39506" + }, + { + "name": "20080107 CORE-2007-1106: SynCE Remote Command Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485884/100/0/threaded" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2070", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2070" + }, + { + "name": "27178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27178" + }, + { + "name": "3710", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3710" + }, + { + "name": "29228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29228" + }, + { + "name": "28141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28141" + }, + { + "name": "FEDORA-2008-0680", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00131.html" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=766440", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=766440" + }, + { + "name": "29285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29285" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1375.json b/2008/1xxx/CVE-2008-1375.json index 18eed66746d..c41f9a523bf 100644 --- a/2008/1xxx/CVE-2008-1375.json +++ b/2008/1xxx/CVE-2008-1375.json @@ -1,282 +1,282 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080502 rPSA-2008-0157-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491566/100/0/threaded" - }, - { - "name" : "20080507 rPSA-2008-0157-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491732/100/0/threaded" - }, - { - "name" : "[linux-kernel] 20080501 Linux 2.6.24.6", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=120967963803205&w=2" - }, - { - "name" : "[linux-kernel] 20080501 Linux 2.6.25.1", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=120967964303224&w=2" - }, - { - "name" : "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000023.html" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0157", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0157" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2501", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2501" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4" - }, - { - "name" : "DSA-1565", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1565" - }, - { - "name" : "FEDORA-2008-3873", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html" - }, - { - "name" : "MDVSA-2008:105", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105" - }, - { - "name" : "MDVSA-2008:167", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" - }, - { - "name" : "MDVSA-2008:104", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:104" - }, - { - "name" : "RHSA-2008:0211", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0211.html" - }, - { - "name" : "RHSA-2008:0233", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0233.html" - }, - { - "name" : "RHSA-2008:0237", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0237.html" - }, - { - "name" : "SUSE-SA:2008:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" - }, - { - "name" : "SUSE-SA:2008:031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html" - }, - { - "name" : "SUSE-SA:2008:032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" - }, - { - "name" : "USN-614-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/614-1/" - }, - { - "name" : "USN-618-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-618-1" - }, - { - "name" : "29003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29003" - }, - { - "name" : "oval:org.mitre.oval:def:11843", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11843" - }, - { - "name" : "ADV-2008-1406", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1406/references" - }, - { - "name" : "ADV-2008-1452", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1452/references" - }, - { - "name" : "ADV-2008-2222", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2222/references" - }, - { - "name" : "1019959", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019959" - }, - { - "name" : "30017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30017" - }, - { - "name" : "30044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30044" - }, - { - "name" : "30108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30108" - }, - { - "name" : "30260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30260" - }, - { - "name" : "30515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30515" - }, - { - "name" : "30769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30769" - }, - { - "name" : "30818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30818" - }, - { - "name" : "30890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30890" - }, - { - "name" : "30962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30962" - }, - { - "name" : "31246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31246" - }, - { - "name" : "30018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30018" - }, - { - "name" : "30110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30110" - }, - { - "name" : "30112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30112" - }, - { - "name" : "30116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30116" - }, - { - "name" : "linux-kernel-dnotify-privilege-escalation(42131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[linux-kernel] 20080501 Linux 2.6.24.6", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=120967963803205&w=2" + }, + { + "name": "30962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30962" + }, + { + "name": "ADV-2008-1406", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1406/references" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157" + }, + { + "name": "29003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29003" + }, + { + "name": "linux-kernel-dnotify-privilege-escalation(42131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42131" + }, + { + "name": "RHSA-2008:0237", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0237.html" + }, + { + "name": "1019959", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019959" + }, + { + "name": "ADV-2008-1452", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1452/references" + }, + { + "name": "MDVSA-2008:167", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" + }, + { + "name": "USN-618-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-618-1" + }, + { + "name": "DSA-1565", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1565" + }, + { + "name": "30116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30116" + }, + { + "name": "RHSA-2008:0233", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0233.html" + }, + { + "name": "30110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30110" + }, + { + "name": "SUSE-SA:2008:031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html" + }, + { + "name": "FEDORA-2008-3873", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html" + }, + { + "name": "ADV-2008-2222", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2222/references" + }, + { + "name": "20080507 rPSA-2008-0157-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491732/100/0/threaded" + }, + { + "name": "[linux-kernel] 20080501 Linux 2.6.25.1", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=120967964303224&w=2" + }, + { + "name": "oval:org.mitre.oval:def:11843", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11843" + }, + { + "name": "30515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30515" + }, + { + "name": "20080502 rPSA-2008-0157-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491566/100/0/threaded" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6" + }, + { + "name": "USN-614-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/614-1/" + }, + { + "name": "MDVSA-2008:105", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105" + }, + { + "name": "30108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30108" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1" + }, + { + "name": "30044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30044" + }, + { + "name": "RHSA-2008:0211", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0211.html" + }, + { + "name": "30017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30017" + }, + { + "name": "30890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30890" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2501", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2501" + }, + { + "name": "30769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30769" + }, + { + "name": "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000023.html" + }, + { + "name": "30018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30018" + }, + { + "name": "MDVSA-2008:104", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:104" + }, + { + "name": "30260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30260" + }, + { + "name": "SUSE-SA:2008:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" + }, + { + "name": "31246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31246" + }, + { + "name": "30818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30818" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0157", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0157" + }, + { + "name": "30112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30112" + }, + { + "name": "SUSE-SA:2008:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1887.json b/2008/1xxx/CVE-2008-1887.json index 474a3507494..2741f1f2f32 100644 --- a/2008/1xxx/CVE-2008-1887.json +++ b/2008/1xxx/CVE-2008-1887.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490776" - }, - { - "name" : "20090824 rPSA-2009-0122-1 idle python", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506056/100/0/threaded" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://bugs.python.org/issue2587", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue2587" - }, - { - "name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900" - }, - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "DSA-1551", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1551" - }, - { - "name" : "DSA-1620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1620" - }, - { - "name" : "GLSA-200807-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200807-01.xml" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "USN-632-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-632-1" - }, - { - "name" : "28749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28749" - }, - { - "name" : "oval:org.mitre.oval:def:10407", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407" - }, - { - "name" : "oval:org.mitre.oval:def:8624", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624" - }, - { - "name" : "29889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29889" - }, - { - "name" : "30872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30872" - }, - { - "name" : "31255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31255" - }, - { - "name" : "31365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31365" - }, - { - "name" : "31518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31518" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "python-pystringfromstringandsize-bo(41944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "http://bugs.python.org/issue2587", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue2587" + }, + { + "name": "GLSA-200807-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml" + }, + { + "name": "30872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30872" + }, + { + "name": "20090824 rPSA-2009-0122-1 idle python", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded" + }, + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "oval:org.mitre.oval:def:8624", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "python-pystringfromstringandsize-bo(41944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "oval:org.mitre.oval:def:10407", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407" + }, + { + "name": "20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490776" + }, + { + "name": "DSA-1551", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1551" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122" + }, + { + "name": "28749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28749" + }, + { + "name": "USN-632-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-632-1" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "31518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31518" + }, + { + "name": "31365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31365" + }, + { + "name": "31255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31255" + }, + { + "name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900" + }, + { + "name": "DSA-1620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1620" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "29889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29889" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1923.json b/2008/1xxx/CVE-2008-1923.json index 8b1929e2388..7fd04194be0 100644 --- a/2008/1xxx/CVE-2008-1923.json +++ b/2008/1xxx/CVE-2008-1923.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.altsci.com/concepts/page.php?s=asteri&p=1", - "refsource" : "MISC", - "url" : "http://www.altsci.com/concepts/page.php?s=asteri&p=1" - }, - { - "name" : "http://bugs.digium.com/view.php?id=10078", - "refsource" : "CONFIRM", - "url" : "http://bugs.digium.com/view.php?id=10078" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2008-006.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2008-006.html" - }, - { - "name" : "asterisk-new-dos(42049)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "asterisk-new-dos(42049)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2008-006.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2008-006.html" + }, + { + "name": "http://bugs.digium.com/view.php?id=10078", + "refsource": "CONFIRM", + "url": "http://bugs.digium.com/view.php?id=10078" + }, + { + "name": "http://www.altsci.com/concepts/page.php?s=asteri&p=1", + "refsource": "MISC", + "url": "http://www.altsci.com/concepts/page.php?s=asteri&p=1" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1991.json b/2008/1xxx/CVE-2008-1991.json index e2e692483d4..f4cc84c11c4 100644 --- a/2008/1xxx/CVE-2008-1991.json +++ b/2008/1xxx/CVE-2008-1991.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080420 Acidcat CMS Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491129/100/0/threaded" - }, - { - "name" : "5478", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5478" - }, - { - "name" : "http://bugreport.ir/index.php?/36", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/36" - }, - { - "name" : "28868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28868" - }, - { - "name" : "29916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29916" - }, - { - "name" : "3842", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3842" - }, - { - "name" : "acidcat-admincolorsswatch-xss(41919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugreport.ir/index.php?/36", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/36" + }, + { + "name": "3842", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3842" + }, + { + "name": "29916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29916" + }, + { + "name": "20080420 Acidcat CMS Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491129/100/0/threaded" + }, + { + "name": "28868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28868" + }, + { + "name": "acidcat-admincolorsswatch-xss(41919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41919" + }, + { + "name": "5478", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5478" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4187.json b/2008/4xxx/CVE-2008-4187.json index 18c0d8bdc31..f13befdab77 100644 --- a/2008/4xxx/CVE-2008-4187.json +++ b/2008/4xxx/CVE-2008-4187.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6489", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6489" - }, - { - "name" : "4315", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4315" - }, - { - "name" : "proactivecms-index-file-include(45235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "proactivecms-index-file-include(45235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45235" + }, + { + "name": "6489", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6489" + }, + { + "name": "4315", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4315" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5218.json b/2008/5xxx/CVE-2008-5218.json index c6db841832c..d2c049e9c3b 100644 --- a/2008/5xxx/CVE-2008-5218.json +++ b/2008/5xxx/CVE-2008-5218.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7140", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7140" - }, - { - "name" : "32325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32325" - }, - { - "name" : "49883", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49883" - }, - { - "name" : "32744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32744" - }, - { - "name" : "4633", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4633", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4633" + }, + { + "name": "32325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32325" + }, + { + "name": "7140", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7140" + }, + { + "name": "49883", + "refsource": "OSVDB", + "url": "http://osvdb.org/49883" + }, + { + "name": "32744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32744" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5355.json b/2008/5xxx/CVE-2008-5355.json index 88b0e0ac436..be0eef9a58d 100644 --- a/2008/5xxx/CVE-2008-5355.json +++ b/2008/5xxx/CVE-2008-5355.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Java Update\" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" - }, - { - "name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", - "refsource" : "CONFIRM", - "url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "244989", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1" - }, - { - "name" : "TA08-340A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" - }, - { - "name" : "50498", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50498" - }, - { - "name" : "oval:org.mitre.oval:def:5664", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664" - }, - { - "name" : "1021315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021315" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "ADV-2008-3339", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Java Update\" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021315" + }, + { + "name": "oval:org.mitre.oval:def:5664", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", + "refsource": "CONFIRM", + "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" + }, + { + "name": "244989", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1" + }, + { + "name": "ADV-2008-3339", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3339" + }, + { + "name": "50498", + "refsource": "OSVDB", + "url": "http://osvdb.org/50498" + }, + { + "name": "TA08-340A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5732.json b/2008/5xxx/CVE-2008-5732.json index 2efcf7b603a..bb5ba1f0aa1 100644 --- a/2008/5xxx/CVE-2008-5732.json +++ b/2008/5xxx/CVE-2008-5732.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7537", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7537" - }, - { - "name" : "32953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32953" - }, - { - "name" : "50876", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50876" - }, - { - "name" : "33223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33223" - }, - { - "name" : "4812", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4812" - }, - { - "name" : "kafooeyblog-imageupload-file-upload(47535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33223" + }, + { + "name": "50876", + "refsource": "OSVDB", + "url": "http://osvdb.org/50876" + }, + { + "name": "7537", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7537" + }, + { + "name": "kafooeyblog-imageupload-file-upload(47535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47535" + }, + { + "name": "4812", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4812" + }, + { + "name": "32953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32953" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0435.json b/2013/0xxx/CVE-2013-0435.json index f7912c5ffe8..3515d20a380 100644 --- a/2013/0xxx/CVE-2013-0435.json +++ b/2013/0xxx/CVE-2013-0435.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and \"Better handling of UI elements.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02864", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "SSRT101156", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:0236", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "RHSA-2013:0245", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" - }, - { - "name" : "RHSA-2013:0246", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" - }, - { - "name" : "RHSA-2013:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "openSUSE-SU-2013:0312", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "57729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57729" - }, - { - "name" : "oval:org.mitre.oval:def:16489", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16489" - }, - { - "name" : "oval:org.mitre.oval:def:19078", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19078" - }, - { - "name" : "oval:org.mitre.oval:def:19520", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and \"Better handling of UI elements.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "SSRT101156", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "oval:org.mitre.oval:def:19520", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19520" + }, + { + "name": "RHSA-2013:0236", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "57729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57729" + }, + { + "name": "RHSA-2013:0247", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291" + }, + { + "name": "oval:org.mitre.oval:def:16489", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16489" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "openSUSE-SU-2013:0312", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" + }, + { + "name": "openSUSE-SU-2013:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" + }, + { + "name": "RHSA-2013:0246", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "HPSBUX02864", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "RHSA-2013:0245", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19078", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19078" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0443.json b/2013/0xxx/CVE-2013-0443.json index f5d337ec57f..83954592582 100644 --- a/2013/0xxx/CVE-2013-0443.json +++ b/2013/0xxx/CVE-2013-0443.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a \"small subgroup attack\" to force the use of weak session keys or obtain sensitive information about the private key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=907340", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=907340" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02864", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "SSRT101156", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:0236", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "RHSA-2013:0245", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" - }, - { - "name" : "RHSA-2013:0246", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" - }, - { - "name" : "RHSA-2013:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "openSUSE-SU-2013:0312", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" - }, - { - "name" : "SUSE-SU-2013:0478", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "57702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57702" - }, - { - "name" : "oval:org.mitre.oval:def:15832", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15832" - }, - { - "name" : "oval:org.mitre.oval:def:19010", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19010" - }, - { - "name" : "oval:org.mitre.oval:def:19382", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19382" - }, - { - "name" : "oval:org.mitre.oval:def:19437", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a \"small subgroup attack\" to force the use of weak session keys or obtain sensitive information about the private key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:19010", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19010" + }, + { + "name": "oval:org.mitre.oval:def:15832", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15832" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "SSRT101156", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "RHSA-2013:0236", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "57702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57702" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "SUSE-SU-2013:0478", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "RHSA-2013:0247", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=907340", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907340" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "openSUSE-SU-2013:0312", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" + }, + { + "name": "openSUSE-SU-2013:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:19382", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19382" + }, + { + "name": "RHSA-2013:0246", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "HPSBUX02864", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "RHSA-2013:0245", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" + }, + { + "name": "oval:org.mitre.oval:def:19437", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19437" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3205.json b/2013/3xxx/CVE-2013-3205.json index faac0282e4f..98d8f146857 100644 --- a/2013/3xxx/CVE-2013-3205.json +++ b/2013/3xxx/CVE-2013-3205.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-069", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18696", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-069", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" + }, + { + "name": "oval:org.mitre.oval:def:18696", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18696" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3957.json b/2013/3xxx/CVE-2013-3957.json index ed805f9599e..c1cb52f5b45 100644 --- a/2013/3xxx/CVE-2013-3957.json +++ b/2013/3xxx/CVE-2013-3957.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3972.json b/2013/3xxx/CVE-2013-3972.json index 00ba5ac7093..8736f583a7f 100644 --- a/2013/3xxx/CVE-2013-3972.json +++ b/2013/3xxx/CVE-2013-3972.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" - }, - { - "name" : "IV39089", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39089" - }, - { - "name" : "55068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55068" - }, - { - "name" : "maximo-cve20133972-infodisc(84849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV39089", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39089" + }, + { + "name": "55068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55068" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" + }, + { + "name": "maximo-cve20133972-infodisc(84849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84849" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4168.json b/2013/4xxx/CVE-2013-4168.json index b6e6b5e821b..3f0c2e170ca 100644 --- a/2013/4xxx/CVE-2013-4168.json +++ b/2013/4xxx/CVE-2013-4168.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4168", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4168", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4651.json b/2013/4xxx/CVE-2013-4651.json index 693624334fc..e219018adc0 100644 --- a/2013/4xxx/CVE-2013-4651.json +++ b/2013/4xxx/CVE-2013-4651.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4773.json b/2013/4xxx/CVE-2013-4773.json index 8fa219f7e62..7714c590bd8 100644 --- a/2013/4xxx/CVE-2013-4773.json +++ b/2013/4xxx/CVE-2013-4773.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4773", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4773", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4816.json b/2013/4xxx/CVE-2013-4816.json index ef7fb3fc34b..4e563690bec 100644 --- a/2013/4xxx/CVE-2013-4816.json +++ b/2013/4xxx/CVE-2013-4816.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4816", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-4816", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6265.json b/2013/6xxx/CVE-2013-6265.json index 0c69e777f5c..0ac1a9aab08 100644 --- a/2013/6xxx/CVE-2013-6265.json +++ b/2013/6xxx/CVE-2013-6265.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6265", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6265", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6294.json b/2013/6xxx/CVE-2013-6294.json index ee2b5112a8d..56484be54f2 100644 --- a/2013/6xxx/CVE-2013-6294.json +++ b/2013/6xxx/CVE-2013-6294.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6294", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6294", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6716.json b/2013/6xxx/CVE-2013-6716.json index 415dd773671..5ed5a53e625 100644 --- a/2013/6xxx/CVE-2013-6716.json +++ b/2013/6xxx/CVE-2013-6716.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6716", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6716", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10689.json b/2017/10xxx/CVE-2017-10689.json index 0864ad8dae7..ef43f5eee7b 100644 --- a/2017/10xxx/CVE-2017-10689.json +++ b/2017/10xxx/CVE-2017-10689.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@puppet.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-10689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Puppet Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 2016.4.10 or 2017.3.4" - } - ] - } - }, - { - "product_name" : "Puppet Agent", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 5.3.4 or 1.10.10" - } - ] - } - } - ] - }, - "vendor_name" : "Puppet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Permission Handling" - } + "CVE_data_meta": { + "ASSIGNER": "security@puppet.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-10689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Puppet Enterprise", + "version": { + "version_data": [ + { + "version_value": "prior to 2016.4.10 or 2017.3.4" + } + ] + } + }, + { + "product_name": "Puppet Agent", + "version": { + "version_data": [ + { + "version_value": "prior to 5.3.4 or 1.10.10" + } + ] + } + } + ] + }, + "vendor_name": "Puppet" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://puppet.com/security/cve/CVE-2017-10689", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/CVE-2017-10689" - }, - { - "name" : "RHSA-2018:2927", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2927" - }, - { - "name" : "USN-3567-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3567-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Permission Handling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3567-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3567-1/" + }, + { + "name": "https://puppet.com/security/cve/CVE-2017-10689", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/CVE-2017-10689" + }, + { + "name": "RHSA-2018:2927", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2927" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10890.json b/2017/10xxx/CVE-2017-10890.json index fa9b48d51b1..fb142528998 100644 --- a/2017/10xxx/CVE-2017-10890.json +++ b/2017/10xxx/CVE-2017-10890.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RX-V200 firmware", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 09.87.17.09" - } - ] - } - }, - { - "product_name" : "RX-V100 firmware", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 03.29.17.09" - } - ] - } - }, - { - "product_name" : "RX-CLV1-P firmware", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 79.17.17.09" - } - ] - } - }, - { - "product_name" : "RX-CLV2-B firmware", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 89.07.17.09" - } - ] - } - }, - { - "product_name" : "RX-CLV3-N firmware", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 91.09.17.10" - } - ] - } - } - ] - }, - "vendor_name" : "Sharp Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Session Management Issue" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RX-V200 firmware", + "version": { + "version_data": [ + { + "version_value": "prior to 09.87.17.09" + } + ] + } + }, + { + "product_name": "RX-V100 firmware", + "version": { + "version_data": [ + { + "version_value": "prior to 03.29.17.09" + } + ] + } + }, + { + "product_name": "RX-CLV1-P firmware", + "version": { + "version_data": [ + { + "version_value": "prior to 79.17.17.09" + } + ] + } + }, + { + "product_name": "RX-CLV2-B firmware", + "version": { + "version_data": [ + { + "version_value": "prior to 89.07.17.09" + } + ] + } + }, + { + "product_name": "RX-CLV3-N firmware", + "version": { + "version_data": [ + { + "version_value": "prior to 91.09.17.10" + } + ] + } + } + ] + }, + "vendor_name": "Sharp Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#76382932", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN76382932/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Session Management Issue" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#76382932", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN76382932/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10899.json b/2017/10xxx/CVE-2017-10899.json index b5f8dcd8a56..2a927e9d81e 100644 --- a/2017/10xxx/CVE-2017-10899.json +++ b/2017/10xxx/CVE-2017-10899.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "A-Reserve", - "version" : { - "version_data" : [ - { - "version_value" : "versions 3.8.6 and earlier" - } - ] - } - }, - { - "product_name" : "A-Reserve for MT cloud", - "version" : { - "version_data" : [ - { - "version_value" : "versions 3.8.6 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Princeton Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "A-Reserve", + "version": { + "version_data": [ + { + "version_value": "versions 3.8.6 and earlier" + } + ] + } + }, + { + "product_name": "A-Reserve for MT cloud", + "version": { + "version_data": [ + { + "version_value": "versions 3.8.6 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Princeton Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#78501037", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN78501037/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#78501037", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN78501037/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12494.json b/2017/12xxx/CVE-2017-12494.json index 14235e12760..c7675efe3f6 100644 --- a/2017/12xxx/CVE-2017-12494.json +++ b/2017/12xxx/CVE-2017-12494.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12889.json b/2017/12xxx/CVE-2017-12889.json index 7cf618eaa28..60ee58c28c9 100644 --- a/2017/12xxx/CVE-2017-12889.json +++ b/2017/12xxx/CVE-2017-12889.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12889", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12889", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13289.json b/2017/13xxx/CVE-2017-13289.json index efc93464fe8..8d4218587ce 100644 --- a/2017/13xxx/CVE-2017-13289.json +++ b/2017/13xxx/CVE-2017-13289.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-13289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-13289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13602.json b/2017/13xxx/CVE-2017-13602.json index f2b0800c606..2f9ba0ec3df 100644 --- a/2017/13xxx/CVE-2017-13602.json +++ b/2017/13xxx/CVE-2017-13602.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13602", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13602", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13631.json b/2017/13xxx/CVE-2017-13631.json index b0e2bd7104a..8b017b29d50 100644 --- a/2017/13xxx/CVE-2017-13631.json +++ b/2017/13xxx/CVE-2017-13631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17073.json b/2017/17xxx/CVE-2017-17073.json index f67740accad..73933142fca 100644 --- a/2017/17xxx/CVE-2017-17073.json +++ b/2017/17xxx/CVE-2017-17073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17073", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17073", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17191.json b/2017/17xxx/CVE-2017-17191.json index fce50258314..c5d13131fc2 100644 --- a/2017/17xxx/CVE-2017-17191.json +++ b/2017/17xxx/CVE-2017-17191.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17191", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17191", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17529.json b/2017/17xxx/CVE-2017-17529.json index 121b4ce2be8..fd94150ec9c 100644 --- a/2017/17xxx/CVE-2017-17529.json +++ b/2017/17xxx/CVE-2017-17529.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2017-17529", - "refsource" : "MISC", - "url" : "https://security-tracker.debian.org/tracker/CVE-2017-17529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-tracker.debian.org/tracker/CVE-2017-17529", + "refsource": "MISC", + "url": "https://security-tracker.debian.org/tracker/CVE-2017-17529" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17606.json b/2017/17xxx/CVE-2017-17606.json index f9fac7ab58d..f05d1e27089 100644 --- a/2017/17xxx/CVE-2017-17606.json +++ b/2017/17xxx/CVE-2017-17606.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43273", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43273/" - }, - { - "name" : "https://packetstormsecurity.com/files/145292/Co-work-Space-Search-Script-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145292/Co-work-Space-Search-Script-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145292/Co-work-Space-Search-Script-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145292/Co-work-Space-Search-Script-1.0-SQL-Injection.html" + }, + { + "name": "43273", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43273/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17691.json b/2017/17xxx/CVE-2017-17691.json index d4f193e7600..062cb36ad62 100644 --- a/2017/17xxx/CVE-2017-17691.json +++ b/2017/17xxx/CVE-2017-17691.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt", - "refsource" : "MISC", - "url" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt", + "refsource": "MISC", + "url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9927.json b/2017/9xxx/CVE-2017-9927.json index 6ed292a4cce..fa119e11e19 100644 --- a/2017/9xxx/CVE-2017-9927.json +++ b/2017/9xxx/CVE-2017-9927.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a \"Read Access Violation starting at image00000000_00400000+0x000000000001b5fe.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9927", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a \"Read Access Violation starting at image00000000_00400000+0x000000000001b5fe.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9927", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9927" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0203.json b/2018/0xxx/CVE-2018-0203.json index 85777873106..db2b9a4741f 100644 --- a/2018/0xxx/CVE-2018-0203.json +++ b/2018/0xxx/CVE-2018-0203.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unity Connection", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unity Connection" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-19" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unity Connection", + "version": { + "version_data": [ + { + "version_value": "Cisco Unity Connection" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc" - }, - { - "name" : "103142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103142" - }, - { - "name" : "1040413", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-19" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103142" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc" + }, + { + "name": "1040413", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040413" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0323.json b/2018/0xxx/CVE-2018-0323.json index 6e3dc957400..eb13b3509c8 100644 --- a/2018/0xxx/CVE-2018-0323.json +++ b/2018/0xxx/CVE-2018-0323.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Enterprise NFV Infrastructure Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Enterprise NFV Infrastructure Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Enterprise NFV Infrastructure Software", + "version": { + "version_data": [ + { + "version_value": "Cisco Enterprise NFV Infrastructure Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal" - }, - { - "name" : "104206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal" + }, + { + "name": "104206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104206" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18413.json b/2018/18xxx/CVE-2018-18413.json index 4bc951cd6ce..13cdf8aca89 100644 --- a/2018/18xxx/CVE-2018-18413.json +++ b/2018/18xxx/CVE-2018-18413.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18413", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18413", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18694.json b/2018/18xxx/CVE-2018-18694.json index 704bf4384e4..fc0428c86ae 100644 --- a/2018/18xxx/CVE-2018-18694.json +++ b/2018/18xxx/CVE-2018-18694.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/monstra-cms/monstra/issues/459", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/monstra-cms/monstra/issues/459", + "refsource": "MISC", + "url": "https://github.com/monstra-cms/monstra/issues/459" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18902.json b/2018/18xxx/CVE-2018-18902.json index 57612fc0dca..1e230c688ce 100644 --- a/2018/18xxx/CVE-2018-18902.json +++ b/2018/18xxx/CVE-2018-18902.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18967.json b/2018/18xxx/CVE-2018-18967.json index 32b0ac2b6da..2703b635716 100644 --- a/2018/18xxx/CVE-2018-18967.json +++ b/2018/18xxx/CVE-2018-18967.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18967", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18967", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19224.json b/2018/19xxx/CVE-2018-19224.json index 37b7d657806..cd0a6cf385d 100644 --- a/2018/19xxx/CVE-2018-19224.json +++ b/2018/19xxx/CVE-2018-19224.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19653.json b/2018/19xxx/CVE-2018-19653.json index 5d0c5106918..7c7de73314e 100644 --- a/2018/19xxx/CVE-2018-19653.json +++ b/2018/19xxx/CVE-2018-19653.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hashicorp/consul/pull/5069", - "refsource" : "MISC", - "url" : "https://github.com/hashicorp/consul/pull/5069" - }, - { - "name" : "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I" + }, + { + "name": "https://github.com/hashicorp/consul/pull/5069", + "refsource": "MISC", + "url": "https://github.com/hashicorp/consul/pull/5069" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19929.json b/2018/19xxx/CVE-2018-19929.json index dfef457a969..6b74cc7b23e 100644 --- a/2018/19xxx/CVE-2018-19929.json +++ b/2018/19xxx/CVE-2018-19929.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19929", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19929", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1006.json b/2018/1xxx/CVE-2018-1006.json index 7e169d067c7..61c30553f3d 100644 --- a/2018/1xxx/CVE-2018-1006.json +++ b/2018/1xxx/CVE-2018-1006.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1006", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1006", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1434.json b/2018/1xxx/CVE-2018-1434.json index 39736029aeb..e6cc02665f3 100644 --- a/2018/1xxx/CVE-2018-1434.json +++ b/2018/1xxx/CVE-2018-1434.json @@ -1,528 +1,528 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-05-14T00:00:00", - "ID" : "CVE-2018-1434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FlashSystem V9000", - "version" : { - "version_data" : [ - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Storwize V3700", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Storwize V5000", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Spectrum Virtualize Software", - "version" : { - "version_data" : [ - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "SAN Volume Controller", - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - } - ] - } - }, - { - "product_name" : "Spectrum Virtualize for Public Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Storwize V7000 (2076)", - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "1.1" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "8.1.1" - } - ] - } - }, - { - "product_name" : "Storwize V3500", - "version" : { - "version_data" : [ - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.6" - }, - { - "version_value" : "7.6.1" - }, - { - "version_value" : "7.7" - }, - { - "version_value" : "7.7.1" - }, - { - "version_value" : "7.8" - }, - { - "version_value" : "7.8.1" - }, - { - "version_value" : "8.1" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-05-14T00:00:00", + "ID": "CVE-2018-1434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FlashSystem V9000", + "version": { + "version_data": [ + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Storwize V3700", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Storwize V5000", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Spectrum Virtualize Software", + "version": { + "version_data": [ + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "SAN Volume Controller", + "version": { + "version_data": [ + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + } + ] + } + }, + { + "product_name": "Spectrum Virtualize for Public Cloud", + "version": { + "version_data": [ + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Storwize V7000 (2076)", + "version": { + "version_data": [ + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "1.1" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "8.1.1" + } + ] + } + }, + { + "product_name": "Storwize V3500", + "version": { + "version_data": [ + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.6" + }, + { + "version_value": "7.6.1" + }, + { + "version_value": "7.7" + }, + { + "version_value": "7.7.1" + }, + { + "version_value": "7.8" + }, + { + "version_value": "7.8.1" + }, + { + "version_value": "8.1" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283" - }, - { - "name" : "104349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104349" - }, - { - "name" : "ibm-storwize-cve20181434-csrf(139474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282" + }, + { + "name": "ibm-storwize-cve20181434-csrf(139474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474" + }, + { + "name": "104349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104349" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1546.json b/2018/1xxx/CVE-2018-1546.json index 343fd8609ce..a019d931530 100644 --- a/2018/1xxx/CVE-2018-1546.json +++ b/2018/1xxx/CVE-2018-1546.json @@ -1,145 +1,145 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-07-02T00:00:00", - "ID" : "CVE-2018-1546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.1.0" - }, - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.2.0" - }, - { - "version_value" : "5.0.5.0" - }, - { - "version_value" : "5.0.6.0" - }, - { - "version_value" : "5.0.6.1" - }, - { - "version_value" : "5.0.6.2" - }, - { - "version_value" : "5.0.7.0" - }, - { - "version_value" : "5.0.7.1" - }, - { - "version_value" : "5.0.3.0" - }, - { - "version_value" : "5.0.4.0" - }, - { - "version_value" : "5.0.7.2" - }, - { - "version_value" : "5.0.6.3" - }, - { - "version_value" : "5.0.6.4" - }, - { - "version_value" : "5.0.8.0" - }, - { - "version_value" : "5.0.8.1" - }, - { - "version_value" : "5.0.6.5" - }, - { - "version_value" : "5.0.6.6" - }, - { - "version_value" : "5.0.8.2" - }, - { - "version_value" : "5.0.8.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.900", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-07-02T00:00:00", + "ID": "CVE-2018-1546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "5.0.1.0" + }, + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.2.0" + }, + { + "version_value": "5.0.5.0" + }, + { + "version_value": "5.0.6.0" + }, + { + "version_value": "5.0.6.1" + }, + { + "version_value": "5.0.6.2" + }, + { + "version_value": "5.0.7.0" + }, + { + "version_value": "5.0.7.1" + }, + { + "version_value": "5.0.3.0" + }, + { + "version_value": "5.0.4.0" + }, + { + "version_value": "5.0.7.2" + }, + { + "version_value": "5.0.6.3" + }, + { + "version_value": "5.0.6.4" + }, + { + "version_value": "5.0.8.0" + }, + { + "version_value": "5.0.8.1" + }, + { + "version_value": "5.0.6.5" + }, + { + "version_value": "5.0.6.6" + }, + { + "version_value": "5.0.8.2" + }, + { + "version_value": "5.0.8.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715299", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715299" - }, - { - "name" : "ibm-api-cve20181546-info-disc(142650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.900", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-api-cve20181546-info-disc(142650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142650" + }, + { + "name": "https://www-prd-trops.events.ibm.com/node/715299", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715299" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1811.json b/2018/1xxx/CVE-2018-1811.json index 4270c5be8b4..ce6e0383cb4 100644 --- a/2018/1xxx/CVE-2018-1811.json +++ b/2018/1xxx/CVE-2018-1811.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1811", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1811", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1938.json b/2018/1xxx/CVE-2018-1938.json index ff36d481b3f..8845518d5cb 100644 --- a/2018/1xxx/CVE-2018-1938.json +++ b/2018/1xxx/CVE-2018-1938.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-02T00:00:00", - "ID" : "CVE-2018-1938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Private", - "version" : { - "version_data" : [ - { - "version_value" : "3.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "H", - "S" : "U", - "SCORE" : "4.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-03-02T00:00:00", + "ID": "CVE-2018-1938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Private", + "version": { + "version_data": [ + { + "version_value": "3.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770" - }, - { - "name" : "107299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107299" - }, - { - "name" : "ibm-cloud-cve20181938-info-disc(153318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "L", + "C": "H", + "I": "N", + "PR": "H", + "S": "U", + "SCORE": "4.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-cloud-cve20181938-info-disc(153318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318" + }, + { + "name": "107299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107299" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10871770", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871770" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5791.json b/2018/5xxx/CVE-2018-5791.json index 32157fe389d..87b9972bb6b 100644 --- a/2018/5xxx/CVE-2018-5791.json +++ b/2018/5xxx/CVE-2018-5791.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", - "refsource" : "CONFIRM", - "url" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", + "refsource": "CONFIRM", + "url": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" + } + ] + } +} \ No newline at end of file