diff --git a/2008/0xxx/CVE-2008-0182.json b/2008/0xxx/CVE-2008-0182.json
index 1920eb86d6e..40536594c62 100644
--- a/2008/0xxx/CVE-2008-0182.json
+++ b/2008/0xxx/CVE-2008-0182.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2008-0182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.liferay.com/browse/LEP-4739", - "refsource" : "CONFIRM", - "url" : "http://support.liferay.com/browse/LEP-4739" - }, - { - "name" : "VU#767825", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/767825" - }, - { - "name" : "28742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified 
other authenticated users via the Shutdown message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#767825", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/767825" + }, + { + "name": "28742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28742" + }, + { + "name": "http://support.liferay.com/browse/LEP-4739", + "refsource": "CONFIRM", + "url": "http://support.liferay.com/browse/LEP-4739" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0476.json b/2008/0xxx/CVE-2008-0476.json index 7983419747c..8fb364550dc 100644 --- a/2008/0xxx/CVE-2008-0476.json +++ b/2008/0xxx/CVE-2008-0476.json 
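Review bot: The `ASSIGNER` field of CVE-2008-0182 changes from `cve@mitre.org` to `cert@cert.org` inside a hunk that otherwise only rewrites whitespace and reorders `reference_data`, so the one semantic change to the record is easy to miss. The record's existing `VU#767825` CERT-VN reference suggests the reassignment is intended, but that is inferred. It would be safer to land `"ASSIGNER": "cert@cert.org"` in its own commit with a stated reason, since consumers may rely on this field for provenance. The new side also ends with `\ No newline at end of file` and reshuffles the reference entries into no evident order, here and in the CVE-2008-0476, -0702, -0774, -0783, -3215 and -3880 hunks. Anything that hashes or diffs these records will see churn, so consumers should compare references as a set rather than by position.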
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27443" - }, - { - "name" : "28332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28332" - }, - { - "name" : "manageengine-checks-security-bypass(39915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ManageEngine Applications Manager 8.1 build 8100 does not 
check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "manageengine-checks-security-bypass(39915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39915" + }, + { + "name": "27443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27443" + }, + { + "name": "28332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28332" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0702.json b/2008/0xxx/CVE-2008-0702.json index fa5e2191a99..075bfb9cd7f 100644 --- a/2008/0xxx/CVE-2008-0702.json +++ b/2008/0xxx/CVE-2008-0702.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080201 Titan FTP Server Remote Heap Overflow (USER/PASS)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487431/100/0/threaded" - }, - { - "name" : "5036", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5036" - }, - { - "name" : "27568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27568" - }, - { - "name" : "ADV-2008-0393", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0393" - }, - { - "name" : "28760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28760" - }, - { - "name" : "3639", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/3639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3639", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3639" + }, + { + "name": "ADV-2008-0393", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0393" + }, + { + "name": "20080201 Titan FTP Server Remote Heap Overflow (USER/PASS)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487431/100/0/threaded" + }, + { + "name": "5036", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5036" + }, + { + "name": "28760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28760" + }, + { + "name": "27568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27568" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0774.json b/2008/0xxx/CVE-2008-0774.json index 9b6cb475174..daa7b4f8ed4 100644 --- a/2008/0xxx/CVE-2008-0774.json +++ b/2008/0xxx/CVE-2008-0774.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27729" - }, - { - "name" : "28881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28881" + }, + { + "name": "27729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27729" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0783.json b/2008/0xxx/CVE-2008-0783.json index f7002bc14ca..20a3765dbbd 100644 --- a/2008/0xxx/CVE-2008-0783.json +++ b/2008/0xxx/CVE-2008-0783.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 Cacti 0.8.7a Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488018/100/0/threaded" - }, - { - "name" : "20080212 cacti -- Multiple security vulnerabilities have been discovered", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488013/100/0/threaded" - }, - { - "name" : "http://www.cacti.net/release_notes_0_8_7b.php", - "refsource" : "CONFIRM", - "url" : 
"http://www.cacti.net/release_notes_0_8_7b.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=432758", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=432758" - }, - { - "name" : "http://bugs.cacti.net/view.php?id=1245", - "refsource" : "CONFIRM", - "url" : "http://bugs.cacti.net/view.php?id=1245" - }, - { - "name" : "DSA-1569", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1569" - }, - { - "name" : "FEDORA-2008-1699", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html" - }, - { - "name" : "FEDORA-2008-1737", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html" - }, - { - "name" : "GLSA-200803-18", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-18.xml" - }, - { - "name" : "MDVSA-2008:052", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:052" - }, - { - "name" : "SUSE-SR:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" - }, - { - "name" : "27749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27749" - }, - { - "name" : "34991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34991" - }, - { - "name" : "ADV-2008-0540", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0540" - }, - { - "name" : "1019414", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019414" - }, - { - "name" : "28872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28872" - }, - { - "name" : "28976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28976" - }, - { - "name" : "29242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29242" - }, - { - "name" : "29274", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29274" - }, - { - "name" : "30045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30045" - }, - { - "name" : "3657", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3657" - }, - { - "name" : "cacti-datainput-xss(50575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-1737", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html" + }, + { + "name": "cacti-datainput-xss(50575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50575" + }, + { + "name": "http://bugs.cacti.net/view.php?id=1245", + "refsource": "CONFIRM", + "url": "http://bugs.cacti.net/view.php?id=1245" + }, + { + "name": "29242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29242" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=432758", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432758" + }, + { + "name": "3657", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3657" + }, + { + "name": "SUSE-SR:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" + }, + { + "name": "GLSA-200803-18", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-18.xml" + }, + { + "name": "28872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28872" + }, + { + "name": "MDVSA-2008:052", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:052" + }, + { + "name": "http://www.cacti.net/release_notes_0_8_7b.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/release_notes_0_8_7b.php" + }, + { + "name": "30045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30045" + }, + { + "name": "29274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29274" + }, + { + "name": "20080212 cacti -- Multiple security vulnerabilities have been discovered", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/488013/100/0/threaded" + }, + { + "name": "ADV-2008-0540", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0540" + }, + { + "name": "27749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27749" + }, + { + "name": "DSA-1569", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1569" + }, + { + "name": "28976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28976" + }, + { + "name": "FEDORA-2008-1699", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html" + }, + { + "name": "1019414", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019414" + }, + { + "name": "20080212 Cacti 0.8.7a Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488018/100/0/threaded" + }, + { + "name": "34991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34991" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3215.json b/2008/3xxx/CVE-2008-3215.json index f70929f5c69..1627917bbc0 100644 --- a/2008/3xxx/CVE-2008-3215.json +++ b/2008/3xxx/CVE-2008-3215.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080708 Re: CVE id request: Clamav", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/08/5" - }, - { - "name" : "[oss-security] 20080715 Re: CVE id request: Clamav", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/15/1" - }, - { - "name" : "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html", - "refsource" : "CONFIRM", - "url" : "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html" - }, - { - "name" : "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920", - "refsource" : "CONFIRM", - "url" : 
"http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920" - }, - { - "name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4", - "refsource" : "CONFIRM", - "url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4" - }, - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "FEDORA-2008-6338", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html" - }, - { - "name" : "FEDORA-2008-6422", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html" - }, - { - "name" : "GLSA-200808-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-07.xml" - }, - { - "name" : "MDVSA-2008:166", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166" - }, - { - "name" : "SUSE-SR:2008:015", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "31091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31091" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "31437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31437" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, - { - "name" : "clamav-petitec-dos(44200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4", + "refsource": "CONFIRM", + "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4" + }, + { + "name": "31437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31437" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "[oss-security] 20080715 Re: CVE id request: Clamav", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/15/1" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "clamav-petitec-dos(44200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200" + }, + { + "name": "SUSE-SR:2008:015", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920", + "refsource": "CONFIRM", + "url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "31091", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31091" + }, + { + "name": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html", + "refsource": "CONFIRM", + "url": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html" + }, + { + "name": "GLSA-200808-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-07.xml" + }, + { + "name": "MDVSA-2008:166", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166" + }, + { + "name": "FEDORA-2008-6422", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html" + }, + { + "name": "FEDORA-2008-6338", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html" + }, + { + "name": "[oss-security] 20080708 Re: CVE id request: Clamav", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/08/5" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3880.json b/2008/3xxx/CVE-2008-3880.json index 00abdedf880..4e4a1b649fc 100644 --- a/2008/3xxx/CVE-2008-3880.json +++ b/2008/3xxx/CVE-2008-3880.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080826 ZoneMinder Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495745/100/0/threaded" - }, - { - "name" : "30843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30843" - }, - { - "name" : "31636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31636" - }, - { - "name" : "zoneminder-zmhtmlviewevent-sql-injection(44726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in zm_html_view_event.php in 
ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30843" + }, + { + "name": "31636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31636" + }, + { + "name": "zoneminder-zmhtmlviewevent-sql-injection(44726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44726" + }, + { + "name": "20080826 ZoneMinder Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495745/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3963.json b/2008/3xxx/CVE-2008-3963.json index d9c0748bcc6..db8736e55ce 100644 --- a/2008/3xxx/CVE-2008-3963.json +++ b/2008/3xxx/CVE-2008-3963.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/09/4" - }, - { - "name" : "[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/09/7" - }, - { - "name" : "http://bugs.mysql.com/bug.php?id=35658", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/bug.php?id=35658" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html", - "refsource" : "CONFIRM", - "url" : 
"http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html" - }, - { - "name" : "https://bugs.gentoo.org/237166", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/237166" - }, - { - "name" : "DSA-1783", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1783" - }, - { - "name" : "MDVSA-2009:094", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094" - }, - { - "name" : "RHSA-2009:1067", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1067.html" - }, - { - "name" : "RHSA-2009:1289", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1289.html" - }, - { - "name" : "SUSE-SR:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" - }, - { - "name" : "USN-671-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-671-1" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "oval:org.mitre.oval:def:10521", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521" - }, - { - "name" : "34907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34907" - }, - { - "name" : "32769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32769" - }, - { - "name" : "36566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36566" - }, - { - "name" : "ADV-2008-2554", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/2554" - }, - { - "name" : "1020858", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020858" - }, - { - "name" : "31769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31769" - }, - { - "name" : "32759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32759" - }, - { - "name" : "mysql-bitstring-dos(45042)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.mysql.com/bug.php?id=35658", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/bug.php?id=35658" + }, + { + "name": "MDVSA-2009:094", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html" + }, + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "RHSA-2009:1067", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html", + "refsource": "CONFIRM", + "url": 
"http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html" + }, + { + "name": "[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/09/7" + }, + { + "name": "ADV-2008-2554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2554" + }, + { + "name": "USN-671-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-671-1" + }, + { + "name": "https://bugs.gentoo.org/237166", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/237166" + }, + { + "name": "mysql-bitstring-dos(45042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45042" + }, + { + "name": "DSA-1783", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1783" + }, + { + "name": "RHSA-2009:1289", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1289.html" + }, + { + "name": "32769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32769" + }, + { + "name": "32759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32759" + }, + { + "name": "34907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34907" + }, + { + "name": "[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/09/4" + }, + { + "name": "SUSE-SR:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" + }, + { + "name": "36566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36566" + }, + { + "name": "31769", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/31769" + }, + { + "name": "1020858", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020858" + }, + { + "name": "oval:org.mitre.oval:def:10521", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4205.json b/2008/4xxx/CVE-2008-4205.json index 37e2495dfe0..a5207f4761a 100644 --- a/2008/4xxx/CVE-2008-4205.json +++ b/2008/4xxx/CVE-2008-4205.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080916 [ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496427/100/0/threaded" - }, - { - "name" : "6468", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6468" - }, - { - "name" : "http://e-rdc.org/v1/news.php?readmore=108", - "refsource" : "MISC", - "url" : "http://e-rdc.org/v1/news.php?readmore=108" - }, - { - "name" : "31207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31207" - }, - { - "name" : "48270", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48270" - }, - { - "name" : "31794", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31794" - }, - { - "name" : "4307", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://e-rdc.org/v1/news.php?readmore=108", + "refsource": "MISC", + "url": "http://e-rdc.org/v1/news.php?readmore=108" + }, + { + "name": "31794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31794" + }, + { + "name": "6468", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6468" + }, + { + "name": "20080916 [ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496427/100/0/threaded" + }, + { + "name": "31207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31207" + }, + { + "name": "48270", + "refsource": "OSVDB", + "url": "http://osvdb.org/48270" + }, + { + "name": "4307", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4307" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4668.json b/2008/4xxx/CVE-2008-4668.json index 1e20371afa9..bc812dc9798 100644 --- a/2008/4xxx/CVE-2008-4668.json +++ b/2008/4xxx/CVE-2008-4668.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6618", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6618" - }, - { - "name" : "31458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31458" - }, - { - "name" : "4464", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4464" - }, - { - "name" : "imagebrowser-index-directory-traversal(45490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Image Browser 
(com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imagebrowser-index-directory-traversal(45490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45490" + }, + { + "name": "6618", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6618" + }, + { + "name": "31458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31458" + }, + { + "name": "4464", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4464" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4903.json b/2008/4xxx/CVE-2008-4903.json index a64b2051c6f..bd2fc5c503d 100644 --- a/2008/4xxx/CVE-2008-4903.json +++ b/2008/4xxx/CVE-2008-4903.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081031 Typo <= 5.1.3 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497970" - }, - { - "name" : "31993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31993" - }, - { - "name" : "32272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32272" - }, - { - "name" : "4550", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4550" - }, - { - "name" : "typo-commentauthor-commenturl-xss(46204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081031 Typo <= 5.1.3 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497970" + }, + { + "name": "32272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32272" + }, + { + "name": "31993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31993" + }, + { + "name": "typo-commentauthor-commenturl-xss(46204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46204" + }, + { + "name": "4550", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4550" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4904.json b/2008/4xxx/CVE-2008-4904.json index 5b8fefd19d9..90aa79b4a01 100644 --- a/2008/4xxx/CVE-2008-4904.json +++ b/2008/4xxx/CVE-2008-4904.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the \"Manage pages\" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with \"blog publisher\" rights to execute arbitrary SQL commands via the search[published_at] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081031 Typo <= 5.1.3 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497970" - }, - { - "name" : "31993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31993" - }, - { - "name" : "32272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32272" - }, - { - "name" : "4550", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4550" - }, - { - "name" : "typo-searchpublishedat-sql-injection(46205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the \"Manage pages\" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with \"blog publisher\" rights to execute arbitrary SQL commands via the search[published_at] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081031 Typo <= 5.1.3 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497970" + }, + { + "name": "32272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32272" + }, + { + "name": "31993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31993" + }, + { + "name": "typo-searchpublishedat-sql-injection(46205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46205" + }, + { + "name": "4550", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4550" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4922.json b/2008/4xxx/CVE-2008-4922.json index c0f49b13c8e..01818c1706b 100644 --- a/2008/4xxx/CVE-2008-4922.json +++ b/2008/4xxx/CVE-2008-4922.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6878", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6878" - }, - { - "name" : "31987", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31987" - }, - { - "name" : "ADV-2008-2956", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2956" - }, - { - "name" : "4560", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4560" - }, - { - "name" : "djvu-msoffice-activex-bo(46214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6878", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6878" + }, + { + "name": "31987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31987" + }, + { + "name": "4560", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4560" + }, + { + "name": "djvu-msoffice-activex-bo(46214)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46214" + }, + { + "name": "ADV-2008-2956", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2956" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2151.json b/2013/2xxx/CVE-2013-2151.json index 34635c1f2a7..a70058be179 100644 --- a/2013/2xxx/CVE-2013-2151.json +++ b/2013/2xxx/CVE-2013-2151.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2013:0925", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0925.html" - }, - { - "name" : "60473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60473" - }, - { - "name" : "enterprise-cve20132151-priv-esc(84868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60473" + }, + { + "name": "RHSA-2013:0925", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0925.html" + }, + { + "name": "enterprise-cve20132151-priv-esc(84868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84868" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2251.json b/2013/2xxx/CVE-2013-2251.json index 4eaf719bc94..9fa799c8fe7 100644 --- a/2013/2xxx/CVE-2013-2251.json +++ b/2013/2xxx/CVE-2013-2251.json 
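Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, but the change sits inside a whole-file whitespace rewrite (`"key" : value` to `"key": value`) in which every line is marked as changed. This is the field that identifies the assigning party for the record, so a consumer or auditor tracking provenance changes in the feed cannot separate it from formatting noise. I would land the formatting pass and the `ASSIGNER` update as separate commits, or at least name the reassignment in the commit message. The hunk for CVE-2013-2251 that follows makes the same `ASSIGNER` change; it continues past the visible lines.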
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131013 Apache Software Foundation A Subsite Remote command execution", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Oct/96" - }, - { - "name" : "[oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 0day", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/89" - }, - { - "name" : "http://cxsecurity.com/issue/WLB-2014010087", - "refsource" : "MISC", - "url" : "http://cxsecurity.com/issue/WLB-2014010087" - }, - { - "name" : "http://struts.apache.org/release/2.3.x/docs/s2-016.html", - "refsource" : "CONFIRM", - "url" : "http://struts.apache.org/release/2.3.x/docs/s2-016.html" - }, - { - "name" : "http://archiva.apache.org/security.html", - 
"refsource" : "CONFIRM", - "url" : "http://archiva.apache.org/security.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html" - }, - { - "name" : "20131023 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "61189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61189" - }, - { - "name" : "98445", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98445" - }, - { - "name" : "1029184", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029184" - }, - { - "name" : "1032916", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032916" - }, - { - "name" : "apache-archiva-ognl-command-exec(90392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, 
(2) redirect:, or (3) redirectAction: prefix." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "apache-archiva-ognl-command-exec(90392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90392" + }, + { + "name": "20131013 Apache Software Foundation A Subsite Remote command execution", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Oct/96" + }, + { + "name": "http://cxsecurity.com/issue/WLB-2014010087", + "refsource": "MISC", + "url": "http://cxsecurity.com/issue/WLB-2014010087" + }, + { + "name": "20131023 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2" + }, + { + "name": "http://struts.apache.org/release/2.3.x/docs/s2-016.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/release/2.3.x/docs/s2-016.html" + }, + { + "name": "http://archiva.apache.org/security.html", + "refsource": "CONFIRM", + "url": "http://archiva.apache.org/security.html" + }, + { + "name": "98445", + "refsource": "OSVDB", + "url": "http://osvdb.org/98445" + }, + { + "name": "1032916", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032916" + }, + { + "name": "61189", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/61189" + }, + { + "name": "1029184", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029184" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "[oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 0day", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/89" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2354.json b/2013/2xxx/CVE-2013-2354.json index a2e3cdc37fc..db308579333 100644 --- a/2013/2xxx/CVE-2013-2354.json +++ b/2013/2xxx/CVE-2013-2354.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2354", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2354", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2496.json b/2013/2xxx/CVE-2013-2496.json index b2e3d813fdc..82d19284dc8 100644 --- a/2013/2xxx/CVE-2013-2496.json 
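Review bot: The fifteen `reference_data` entries are re-emitted in an order with no visible sort key (two CONFIRM entries, then XF, FULLDISC, MISC, CISCO, …), so every entry shows as removed and re-added even though the set of references is the same. With this layout a dropped or altered advisory URL would be easy to miss in review. Emitting references in a deterministic order, for example sorted by `refsource` and then `name`, would keep later diffs limited to real additions and removals. The reference lists in the CVE-2013-2151, CVE-2013-2496, CVE-2013-3498, CVE-2013-3794, CVE-2013-3865, CVE-2013-3919 and CVE-2013-3989 hunks are reordered the same way.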
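Review bot: This REJECT record (CVE-2013-2354) is serialized with a different key order from the other records in this diff: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the neighbouring files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but the mismatch suggests these files were written by two different serializers (inferred from the output only), and that will keep producing reorder-only diffs. Using one canonical key order for every record would avoid it.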
+++ b/2013/2xxx/CVE-2013-2496.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e398990eb87785e20e065cd3f14d1dbb69df4392", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e398990eb87785e20e065cd3f14d1dbb69df4392" - }, - { - "name" : "USN-1790-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1790-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not 
properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1790-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1790-1" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e398990eb87785e20e065cd3f14d1dbb69df4392", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e398990eb87785e20e065cd3f14d1dbb69df4392" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2527.json b/2013/2xxx/CVE-2013-2527.json index 95f6f6e5ae7..f5f332d6192 100644 --- a/2013/2xxx/CVE-2013-2527.json +++ b/2013/2xxx/CVE-2013-2527.json 
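Review bot: The new side of this file ends with `\ No newline at end of file`, while the old side ended with a newline after the closing `}`. Tools that concatenate or line-count these records, and later diffs, behave more predictably when each file ends with a newline; writing a trailing `\n` after the final `}` fixes it. Every other complete file section in this diff carries the same marker.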
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3498.json b/2013/3xxx/CVE-2013-3498.json index 841fcaad213..639e99e13a2 100644 --- a/2013/3xxx/CVE-2013-3498.json +++ b/2013/3xxx/CVE-2013-3498.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN Security Management before 7.7 MR3 and 8.0 before MR2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/KB27375", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/KB27375" - }, - { - "name" : "1028529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028529" - }, - { - "name" : "53359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53359" - }, - { - "name" : "juniper-smartpass-cve20133498-xss(84110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN 
Security Management before 7.7 MR3 and 8.0 before MR2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1028529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028529" + }, + { + "name": "https://kb.juniper.net/KB27375", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/KB27375" + }, + { + "name": "juniper-smartpass-cve20133498-xss(84110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84110" + }, + { + "name": "53359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53359" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3794.json b/2013/3xxx/CVE-2013-3794.json index 920b1b296e2..068b7510065 100644 --- a/2013/3xxx/CVE-2013-3794.json +++ b/2013/3xxx/CVE-2013-3794.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "SUSE-SU-2013:1390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html" - }, - { - "name" : "openSUSE-SU-2013:1335", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html" - 
}, - { - "name" : "openSUSE-SU-2013:1410", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html" - }, - { - "name" : "SUSE-SU-2013:1529", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html" - }, - { - "name" : "61222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61222" - }, - { - "name" : "95333", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "openSUSE-SU-2013:1335", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html" + }, + { + "name": "SUSE-SU-2013:1390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html" + }, + { + "name": "95333", + "refsource": "OSVDB", + "url": "http://osvdb.org/95333" + }, + { + "name": "openSUSE-SU-2013:1410", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html" + }, + { + "name": "SUSE-SU-2013:1529", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + }, + { + "name": "61222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61222" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3865.json b/2013/3xxx/CVE-2013-3865.json index cabe66f2d59..1306aaaabac 100644 --- a/2013/3xxx/CVE-2013-3865.json +++ b/2013/3xxx/CVE-2013-3865.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka \"Win32k Multiple Fetch Vulnerability,\" a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3864." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-076", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-076" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18813", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka \"Win32k Multiple Fetch Vulnerability,\" a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3864." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:18813", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18813" + }, + { + "name": "MS13-076", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-076" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3919.json b/2013/3xxx/CVE-2013-3919.json index b87e73c8c5f..fd6b4e663cc 100644 --- a/2013/3xxx/CVE-2013-3919.json +++ b/2013/3xxx/CVE-2013-3919.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.isc.org/article/AA-00967/", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-00967/" - }, - { - "name" : "https://support.apple.com/kb/HT6536", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6536" - }, - { - "name" : "APPLE-SA-2014-10-16-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, 
and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-10-16-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" + }, + { + "name": "https://support.apple.com/kb/HT6536", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6536" + }, + { + "name": "https://kb.isc.org/article/AA-00967/", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-00967/" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3989.json b/2013/3xxx/CVE-2013-3989.json index 08631579f11..539402b2c45 100644 --- a/2013/3xxx/CVE-2013-3989.json +++ b/2013/3xxx/CVE-2013-3989.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21653287", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21653287" - }, - { - "name" : "appscan-cve20133989-info-disclosure(84975)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain 
sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "appscan-cve20133989-info-disclosure(84975)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84975" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21653287", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653287" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6027.json b/2013/6xxx/CVE-2013-6027.json index b4e927657ac..810e1a9c6f9 100644 --- a/2013/6xxx/CVE-2013-6027.json +++ b/2013/6xxx/CVE-2013-6027.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-6027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pastebin.com/raw.php?i=vbiG42VD", - "refsource" : "MISC", - "url" : "http://pastebin.com/raw.php?i=vbiG42VD" - }, - { - "name" : "VU#248083", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/248083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pastebin.com/raw.php?i=vbiG42VD", + "refsource": "MISC", + "url": "http://pastebin.com/raw.php?i=vbiG42VD" + }, + { + "name": "VU#248083", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/248083" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6657.json b/2013/6xxx/CVE-2013-6657.json index 12cf5ca3e6f..bf4f19fc2b8 100644 --- a/2013/6xxx/CVE-2013-6657.json +++ b/2013/6xxx/CVE-2013-6657.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=331060", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=331060" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=164538&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=164538&view=revision" - }, - { - "name" : "DSA-2883", 
- "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2883" - }, - { - "name" : "openSUSE-SU-2014:0327", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2883", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2883" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=164538&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=164538&view=revision" + }, + { + "name": "openSUSE-SU-2014:0327", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=331060", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=331060" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6867.json b/2013/6xxx/CVE-2013-6867.json index e3e468b135f..934bf03d047 100644 --- a/2013/6xxx/CVE-2013-6867.json +++ b/2013/6xxx/CVE-2013-6867.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "http://www.sybase.com/detail?id=1099371", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1099371" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1893561", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1893561" - }, - { - "name" : "55537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SAP Sybase Adaptive 
Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sybase.com/detail?id=1099371", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail?id=1099371" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "55537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55537" + }, + { + "name": "https://service.sap.com/sap/support/notes/1893561", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1893561" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6920.json b/2013/6xxx/CVE-2013-6920.json index c2af2e3ab94..4ded16a5b0c 100644 --- a/2013/6xxx/CVE-2013-6920.json +++ b/2013/6xxx/CVE-2013-6920.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET 
sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01" + }, + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6989.json b/2013/6xxx/CVE-2013-6989.json index 4b8a7963609..f2b1dc7e5f0 100644 --- a/2013/6xxx/CVE-2013-6989.json +++ b/2013/6xxx/CVE-2013-6989.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2013/7xxx/CVE-2013-7136.json b/2013/7xxx/CVE-2013-7136.json
index d1e8e221f20..8cedf090885 100644
--- a/2013/7xxx/CVE-2013-7136.json
+++ b/2013/7xxx/CVE-2013-7136.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-7136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30358", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30358/" - }, - { - "name" : "http://www.planitcomputing.ie/upc-wifi-attack.pdf", - "refsource" : "MISC", - "url" : "http://www.planitcomputing.ie/upc-wifi-attack.pdf" - }, - { - "name" : "cisco-epc2425-cve20137136-unauth-access(90133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK 
passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.planitcomputing.ie/upc-wifi-attack.pdf", + "refsource": "MISC", + "url": "http://www.planitcomputing.ie/upc-wifi-attack.pdf" + }, + { + "name": "cisco-epc2425-cve20137136-unauth-access(90133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90133" + }, + { + "name": "30358", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30358/" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7220.json b/2013/7xxx/CVE-2013-7220.json index 0f33a6be1dd..df0af03bf11 100644 --- a/2013/7xxx/CVE-2013-7220.json +++ b/2013/7xxx/CVE-2013-7220.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/27/8" - }, - { - "name" : "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/27/6" - }, - { - "name" : "[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/27/4" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=686740", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.gnome.org/show_bug.cgi?id=686740" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1030431", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1030431" - }, - { - "name" : "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j", - "refsource" : "CONFIRM", - "url" : "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j", + "refsource": "CONFIRM", + "url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1030431", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030431" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=686740", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=686740" + }, + { + "name": "[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/27/4" + }, + { + "name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/27/6" + }, + { + "name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver 
issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/27/8" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10205.json b/2017/10xxx/CVE-2017-10205.json index 8d11664af81..512f1da53ae 100644 --- a/2017/10xxx/CVE-2017-10205.json +++ b/2017/10xxx/CVE-2017-10205.json 
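Review bot: The first entry of the new `reference_data` array, `"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"`, is tagged `"refsource": "CONFIRM"` although the description is about `js/ui/screenShield.js` in GNOME Shell, and the URL path names a Neo4j demo. It is carried over unchanged from the old side, so this commit did not introduce it, but it looks like a reference attached to the wrong record. Anyone triaging from CONFIRM links would be sent to what appears to be an unrelated repository; I would check it against the original advisory and either drop it or re-tag it as `"refsource": "MISC"`.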
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Simphony", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.9" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Simphony accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Simphony", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.9" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99787" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Simphony accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99787" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10212.json b/2017/10xxx/CVE-2017-10212.json index 732b311edc0..5b03f3076b8 100644 --- a/2017/10xxx/CVE-2017-10212.json +++ b/2017/10xxx/CVE-2017-10212.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Suite8", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.10.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Suite8 accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Suite8", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.10.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99656" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Suite8. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Suite8 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99656" + }, + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10254.json b/2017/10xxx/CVE-2017-10254.json index ea0ba0a305d..1b57680ab70 100644 --- a/2017/10xxx/CVE-2017-10254.json +++ b/2017/10xxx/CVE-2017-10254.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise FIN Staffing Front Office", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise FIN Staffing Front Office", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99814" - }, - { - "name" : "1038932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99814" + }, + { + "name": "1038932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038932" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10633.json b/2017/10xxx/CVE-2017-10633.json index 77ac6dd48cc..432294f3d41 100644 --- a/2017/10xxx/CVE-2017-10633.json +++ b/2017/10xxx/CVE-2017-10633.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10633", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10633", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/10xxx/CVE-2017-10694.json b/2017/10xxx/CVE-2017-10694.json
index f96cd51dfb3..d6469faa0c8 100644
--- a/2017/10xxx/CVE-2017-10694.json
+++ b/2017/10xxx/CVE-2017-10694.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10694",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10694",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/13xxx/CVE-2017-13484.json b/2017/13xxx/CVE-2017-13484.json
index 91e9c7a9673..b369afc7d5c 100644
--- a/2017/13xxx/CVE-2017-13484.json
+++ b/2017/13xxx/CVE-2017-13484.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-13484",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-13484",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14014.json b/2017/14xxx/CVE-2017-14014.json
index 50bdcba3fb6..0a6d116d43f 100644
--- a/2017/14xxx/CVE-2017-14014.json
+++ b/2017/14xxx/CVE-2017-14014.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2017-10-19T00:00:00", - "ID" : "CVE-2017-14014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ZOOM LATITUDE PRM", - "version" : { - "version_data" : [ - { - "version_value" : "Model 3120" - } - ] - } - } - ] - }, - "vendor_name" : "Boston Scientific" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of hard-coded cryptographic key CWE-321" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2017-10-19T00:00:00", + "ID": "CVE-2017-14014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ZOOM LATITUDE PRM", + "version": { + "version_data": [ + { + "version_value": "Model 3120" + } + ] + } + } + ] + }, + "vendor_name": "Boston Scientific" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01" - }, - { - "name" : "101510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded 
cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of hard-coded cryptographic key CWE-321" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101510" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14744.json b/2017/14xxx/CVE-2017-14744.json index faae2a6d0b3..c5f1d35789f 100644 --- a/2017/14xxx/CVE-2017-14744.json +++ b/2017/14xxx/CVE-2017-14744.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.yuag.org/2017/09/19/ueditor%E5%82%A8%E5%AD%98%E5%9E%8Bxss%E6%BC%8F%E6%B4%9E/", - "refsource" : "MISC", - "url" : "http://www.yuag.org/2017/09/19/ueditor%E5%82%A8%E5%AD%98%E5%9E%8Bxss%E6%BC%8F%E6%B4%9E/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.yuag.org/2017/09/19/ueditor%E5%82%A8%E5%AD%98%E5%9E%8Bxss%E6%BC%8F%E6%B4%9E/", + "refsource": "MISC", + "url": "http://www.yuag.org/2017/09/19/ueditor%E5%82%A8%E5%AD%98%E5%9E%8Bxss%E6%BC%8F%E6%B4%9E/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14796.json b/2017/14xxx/CVE-2017-14796.json index b802f9f3096..c08b07dbb87 100644 --- a/2017/14xxx/CVE-2017-14796.json +++ b/2017/14xxx/CVE-2017-14796.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/leonzhao7/vulnerability/blob/master/An%20integer%20underflow%20vulnerability%20in%20sao_filter_CTB%20of%20libbpg.md", - "refsource" : "MISC", - "url" : "https://github.com/leonzhao7/vulnerability/blob/master/An%20integer%20underflow%20vulnerability%20in%20sao_filter_CTB%20of%20libbpg.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote 
attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/leonzhao7/vulnerability/blob/master/An%20integer%20underflow%20vulnerability%20in%20sao_filter_CTB%20of%20libbpg.md", + "refsource": "MISC", + "url": "https://github.com/leonzhao7/vulnerability/blob/master/An%20integer%20underflow%20vulnerability%20in%20sao_filter_CTB%20of%20libbpg.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14895.json b/2017/14xxx/CVE-2017-14895.json index 906d858a14a..73b63b72ccc 100644 --- a/2017/14xxx/CVE-2017-14895.json +++ b/2017/14xxx/CVE-2017-14895.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-14895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Update target name from hif after SSR" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-14895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "102073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Update target name from hif after SSR" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + }, + { + "name": "102073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102073" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17072.json b/2017/17xxx/CVE-2017-17072.json index 5552cba88e9..bf50c5cb2d8 100644 --- a/2017/17xxx/CVE-2017-17072.json +++ b/2017/17xxx/CVE-2017-17072.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17072",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-17072",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17308.json b/2017/17xxx/CVE-2017-17308.json
index cd4b4b90312..23ccd135441 100644
--- a/2017/17xxx/CVE-2017-17308.json
+++ b/2017/17xxx/CVE-2017-17308.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300, RP200, TE30, TE40, TE50, TE60", - "version" : { - "version_data" : [ - { - "version_value" : "DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has an invalid memory access vulnerability. An unauthenticated, remote attacker may send specially crafted packets to the affected products. Due to insufficient validation of packets, successful exploit may cause some services abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "invalid memory access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300, RP200, TE30, TE40, TE50, TE60", + "version": { + "version_data": [ + { + "version_value": "DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-sccpx-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-sccpx-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has an invalid memory access vulnerability. An unauthenticated, remote attacker may send specially crafted packets to the affected products. Due to insufficient validation of packets, successful exploit may cause some services abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "invalid memory access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-sccpx-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-sccpx-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17457.json b/2017/17xxx/CVE-2017-17457.json index 5dc7a03fdf7..40db7561494 100644 --- a/2017/17xxx/CVE-2017-17457.json +++ b/2017/17xxx/CVE-2017-17457.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" - }, - { - "name" : "https://github.com/erikd/libsndfile/issues/344", - "refsource" : "MISC", - "url" : "https://github.com/erikd/libsndfile/issues/344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/erikd/libsndfile/issues/344", + "refsource": "MISC", + "url": "https://github.com/erikd/libsndfile/issues/344" + }, + { + "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17760.json b/2017/17xxx/CVE-2017-17760.json index 6db8b2a440f..4a9a1a83d69 100644 --- a/2017/17xxx/CVE-2017-17760.json +++ b/2017/17xxx/CVE-2017-17760.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1235-1] opencv security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html" - }, - { - "name" : "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html" - }, - { - "name" : "https://github.com/opencv/opencv/issues/10351", - "refsource" : "MISC", - "url" : "https://github.com/opencv/opencv/issues/10351" - }, - { - "name" : "https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c", - "refsource" : "MISC", - "url" : "https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c" - }, - 
{ - "name" : "102974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html" + }, + { + "name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1235-1] opencv security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html" + }, + { + "name": "https://github.com/opencv/opencv/issues/10351", + "refsource": "MISC", + "url": "https://github.com/opencv/opencv/issues/10351" + }, + { + "name": "https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c", + "refsource": "MISC", + "url": "https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c" + }, + { + "name": "102974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102974" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9063.json b/2017/9xxx/CVE-2017-9063.json index a40311fe46a..5c921f4a552 100644 --- a/2017/9xxx/CVE-2017-9063.json +++ b/2017/9xxx/CVE-2017-9063.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wpvulndb.com/vulnerabilities/8820", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8820" - }, - { - "name" : "https://codex.wordpress.org/Version_4.7.5", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.7.5" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3", - "refsource" : "CONFIRM", - "url" : "https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3" - }, - { - "name" : "https://wordpress.org/news/2017/05/wordpress-4-7-5/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2017/05/wordpress-4-7-5/" - }, - { - "name" : "DSA-3870", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2017/dsa-3870" - }, - { - "name" : "98509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98509" - }, - { - "name" : "1038520", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038520", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038520" + }, + { + "name": "https://wordpress.org/news/2017/05/wordpress-4-7-5/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2017/05/wordpress-4-7-5/" + }, + { + "name": "DSA-3870", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3870" + }, + { + "name": "98509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98509" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8820", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8820" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3", + "refsource": "CONFIRM", + "url": "https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3" + }, + { + "name": "https://codex.wordpress.org/Version_4.7.5", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.7.5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9157.json b/2017/9xxx/CVE-2017-9157.json index 22fbcce66f5..d8ed8dfb7b3 100644 --- a/2017/9xxx/CVE-2017-9157.json +++ b/2017/9xxx/CVE-2017-9157.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9526.json b/2017/9xxx/CVE-2017-9526.json index 6c02c529459..c7b45abb2de 100644 --- a/2017/9xxx/CVE-2017-9526.json +++ b/2017/9xxx/CVE-2017-9526.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1042326", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1042326" - }, - { - "name" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b", - "refsource" : "CONFIRM", - "url" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b" - }, - { - "name" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56", - "refsource" : "CONFIRM", - "url" : 
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-3880", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3880" - }, - { - "name" : "99046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b", + "refsource": "CONFIRM", + "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b" + }, + { + "name": "DSA-3880", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3880" + }, + { + "name": "99046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99046" + }, + { + "name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56", + "refsource": "CONFIRM", + "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1042326", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1042326" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0023.json b/2018/0xxx/CVE-2018-0023.json index f606b52c653..e9999d4b88b 100644 --- a/2018/0xxx/CVE-2018-0023.json +++ b/2018/0xxx/CVE-2018-0023.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-04-11T16:00:00.000Z", - "ID" : "CVE-2018-0023", - "STATE" : "PUBLIC", - "TITLE" : "Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos Snapshot Administrator (JSNAPy)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "all", - "version_value" : "1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 5.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insecure file permission" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-04-11T16:00:00.000Z", + "ID": "CVE-2018-0023", + "STATE": "PUBLIC", + "TITLE": "Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos Snapshot Administrator (JSNAPy)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "all", + "version_value": "1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10856", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10856" - }, - { - "name" : "103745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103745" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "This issue is resolved in 1.3.0 and subsequent releases.\nFixed JSNAPy releases can be downloaded from https://github.com/Juniper/jsnapy/releases.\n" - }, - { - "lang" : "eng", - "value" : "Upgrading to the fixed release is not sufficient to resolve the issue, modifying file permission after upgrade as described in the workaround section is required.\nThis issue is fixed for fresh/new installation." 
- } - ], - "source" : { - "advisory" : "JSA10856", - "discovery" : "INTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "The workaround is to change the related files and directory to group/world to readable, but not writable:\n # sudo chmod -R og-w /etc/jsnapy\n # ls -l /etc/jsnapy/\n total 20\n -rwxr-xr-x 1 root root 387 Aug 9 2016 jsnapy.cfg \n -rwxr-xr-x 1 root root 1695 Aug 9 2016 logging.yml \n drwxr-xr-x 2 root root 4096 Aug 26 2016 samples \n drwxr-xr-x 2 root root 4096 Aug 26 2016 snapshots \n drwxr-xr-x 2 root root 4096 Aug 26 2016 testfiles" - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insecure file permission" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10856", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10856" + }, + { + "name": "103745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103745" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "This issue is resolved in 1.3.0 and subsequent releases.\nFixed JSNAPy releases can be downloaded from https://github.com/Juniper/jsnapy/releases.\n" + }, + { + "lang": "eng", + "value": "Upgrading to the fixed release is not sufficient to resolve the issue, modifying file permission after upgrade as described in the workaround section is required.\nThis issue is fixed for fresh/new installation." + } + ], + "source": { + "advisory": "JSA10856", + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "The workaround is to change the related files and directory to group/world to readable, but not writable:\n # sudo chmod -R og-w /etc/jsnapy\n # ls -l /etc/jsnapy/\n total 20\n -rwxr-xr-x 1 root root 387 Aug 9 2016 jsnapy.cfg \n -rwxr-xr-x 1 root root 1695 Aug 9 2016 logging.yml \n drwxr-xr-x 2 root root 4096 Aug 26 2016 samples \n drwxr-xr-x 2 root root 4096 Aug 26 2016 snapshots \n drwxr-xr-x 2 root root 4096 Aug 26 2016 testfiles" + } + ] +} \ No newline at end of file 
diff --git a/2018/0xxx/CVE-2018-0413.json b/2018/0xxx/CVE-2018-0413.json
index db87fce19bd..5f909dd9dce 100644
--- a/2018/0xxx/CVE-2018-0413.json
+++ b/2018/0xxx/CVE-2018-0413.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Identity Services Engine unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Identity Services Engine unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf" - }, - { - "name" : "104950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104950" - }, - { - "name" : "1041408", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104950" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf" + }, + { + "name": "1041408", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041408" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0627.json b/2018/0xxx/CVE-2018-0627.json index 190dcf62b98..34ce0d80eae 100644 --- a/2018/0xxx/CVE-2018-0627.json +++ b/2018/0xxx/CVE-2018-0627.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WG1200HP", - "version" : { - "version_data" : [ - { - "version_value" : "firmware Ver1.0.31 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NEC Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WG1200HP", + "version": { + "version_data": [ + { + "version_value": "firmware Ver1.0.31 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html", - "refsource" : "MISC", - "url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html" - }, - { - "name" : "JVN#00401783", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN00401783/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html", + "refsource": "MISC", + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "name": "JVN#00401783", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN00401783/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000015.json b/2018/1000xxx/CVE-2018-1000015.json index 751d2e81439..e7d57a0fdf6 100644 --- a/2018/1000xxx/CVE-2018-1000015.json +++ b/2018/1000xxx/CVE-2018-1000015.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-01-22", - "ID" : "CVE-2018-1000015", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Pipeline: Nodes and Processes Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Pipeline: Nodes and Processes Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-01-22", + "ID": "CVE-2018-1000015", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-01-22/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-01-22/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-01-22/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000016.json b/2018/1000xxx/CVE-2018-1000016.json index 2f41a492608..6f85bf539b5 100644 --- a/2018/1000xxx/CVE-2018-1000016.json +++ b/2018/1000xxx/CVE-2018-1000016.json 
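Review bot: The new `affects` block in CVE-2018-1000015.json replaces the structured product data with `"n/a"` placeholders, and `problemtype` goes from `Incorrect Access Control` to `n/a`, so the affected plugin and version range now survive only in the free-text `description`. Consumers that match records on the vendor/product/version fields will no longer tie this entry to the Jenkins plugin; unless the removal is intentional, keep `"product_name": "Jenkins Pipeline: Nodes and Processes Plugin"`, `"version_value": "2.17 and earlier"` and the original problemtype value. The same loss appears in the CVE-2018-1000875 hunk, where the BOINC product, the `0.9-1.0.2` version and the `CWE-302: Authentication Bypass by Assumed-Immutable Data` problemtype all become `n/a`. Both hunks also rewrite `ASSIGNER` to `cve@mitre.org`, which looks like a normalization step but changes the recorded provenance and is worth confirming.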
@@ -1,20 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "DATE_ASSIGNED" : "2018-01-22",
- "ID" : "CVE-2018-1000016",
- "REQUESTER" : "ml@beckweb.net",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17383. Reason: This candidate is a reservation duplicate of CVE-2017-17383. Notes: All CVE users should reference CVE-2017-17383 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-1000016",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17383. Reason: This candidate is a reservation duplicate of CVE-2017-17383. Notes: All CVE users should reference CVE-2017-17383 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1000xxx/CVE-2018-1000875.json b/2018/1000xxx/CVE-2018-1000875.json
index 88ec9964159..4ff7584d4ce 100644
--- a/2018/1000xxx/CVE-2018-1000875.json
+++ b/2018/1000xxx/CVE-2018-1000875.json
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-19T20:52:45.262092", - "DATE_REQUESTED" : "2018-12-13T17:03:00", - "ID" : "CVE-2018-1000875", - "REQUESTER" : "theaspens0@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BOINC Server and Website Code", - "version" : { - "version_data" : [ - { - "version_value" : "0.9-1.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Berkeley Open Infrastructure for Network Computing" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-302: Authentication Bypass by Assumed-Immutable Data" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-19T20:52:45.262092", + "DATE_REQUESTED": "2018-12-13T17:03:00", + "ID": "CVE-2018-1000875", + "REQUESTER": "theaspens0@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BOINC/boinc/issues/2907", - "refsource" : "MISC", - "url" : "https://github.com/BOINC/boinc/issues/2907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BOINC/boinc/issues/2907", + "refsource": "MISC", + "url": "https://github.com/BOINC/boinc/issues/2907" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19153.json b/2018/19xxx/CVE-2018-19153.json index 1fc20c516bd..2747f3042cf 100644 --- a/2018/19xxx/CVE-2018-19153.json +++ b/2018/19xxx/CVE-2018-19153.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19153",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19153",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19477.json b/2018/19xxx/CVE-2018-19477.json
index 6b7e87966db..b6c5422fbee 100644
--- a/2018/19xxx/CVE-2018-19477.json
+++ b/2018/19xxx/CVE-2018-19477.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;h=606a22e77e7f081781e99e44644cd0119f559e03", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;h=606a22e77e7f081781e99e44644cd0119f559e03" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=700168", - "refsource" : "MISC", - 
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=700168" - }, - { - "name" : "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26", - "refsource" : "MISC", - "url" : "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26" - }, - { - "name" : "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf", - "refsource" : "MISC", - "url" : "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf" - }, - { - "name" : "DSA-4346", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4346" - }, - { - "name" : "RHSA-2019:0229", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0229" - }, - { - "name" : "USN-3831-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3831-1/" - }, - { - "name" : "106154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4346", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4346" + }, + { + "name": "RHSA-2019:0229", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0229" + }, + { + "name": "USN-3831-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3831-1/" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=700168", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700168" + }, + { + "name": "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf", + "refsource": "MISC", + "url": "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf" + }, + { + "name": "106154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106154" + }, + { + "name": "[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html" + }, + { + "name": "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26", + "refsource": "MISC", + "url": "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;h=606a22e77e7f081781e99e44644cd0119f559e03", + "refsource": "MISC", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;h=606a22e77e7f081781e99e44644cd0119f559e03" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb", + "refsource": "MISC", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/19xxx/CVE-2018-19518.json b/2018/19xxx/CVE-2018-19518.json
index 1fcaf481f3a..7e1e8d8387c 100644
--- a/2018/19xxx/CVE-2018-19518.json
+++ b/2018/19xxx/CVE-2018-19518.json
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45914", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45914/" - }, - { - "name" : "[debian-lts-announce] 20181217 [SECURITY] [DLA 1608-1] php5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html" - }, - { - "name" : "[debian-lts-announce] 20190301 [SECURITY] [DLA 1700-1] uw-imap security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00001.html" - }, - { - "name" : "https://antichat.com/threads/463395/#post-4254681", - "refsource" : "MISC", - "url" : "https://antichat.com/threads/463395/#post-4254681" - }, - { - "name" : "https://bugs.debian.org/913775", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/913775" - }, - { - "name" : "https://bugs.debian.org/913835", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/913835" - }, - { - "name" : "https://bugs.debian.org/913836", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/913836" - }, - { - "name" : "https://bugs.php.net/bug.php?id=76428", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=76428" - }, - { - "name" : "https://bugs.php.net/bug.php?id=77153", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77153" - }, - { - "name" : "https://bugs.php.net/bug.php?id=77160", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77160" - }, - { - "name" : 
"https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php", - "refsource" : "MISC", - "url" : "https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php" - }, - { - "name" : "https://www.openwall.com/lists/oss-security/2018/11/22/3", - "refsource" : "MISC", - "url" : "https://www.openwall.com/lists/oss-security/2018/11/22/3" - }, - { - "name" : "https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb", - "refsource" : "CONFIRM", - "url" : "https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181221-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181221-0004/" - }, - { - "name" : "DSA-4353", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4353" - }, - { - "name" : "106018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106018" - }, - { - "name" : "1042157", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.php.net/bug.php?id=77160", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77160" + }, + { + "name": "45914", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45914/" + }, + { + "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1700-1] uw-imap security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00001.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181221-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181221-0004/" + }, + { + "name": "1042157", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042157" + }, + { + "name": "DSA-4353", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4353" + }, + { + "name": "https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php", + "refsource": "MISC", + "url": "https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php" + }, + { + "name": "https://bugs.debian.org/913835", + "refsource": "MISC", + "url": "https://bugs.debian.org/913835" + }, + { + "name": "https://www.openwall.com/lists/oss-security/2018/11/22/3", + "refsource": "MISC", + "url": "https://www.openwall.com/lists/oss-security/2018/11/22/3" + }, + { + "name": "https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb", + "refsource": "CONFIRM", + "url": "https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb" + }, + { + "name": "106018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106018" + }, + { + "name": "https://bugs.php.net/bug.php?id=76428", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=76428" + }, + { + "name": 
"https://bugs.debian.org/913775", + "refsource": "MISC", + "url": "https://bugs.debian.org/913775" + }, + { + "name": "https://bugs.debian.org/913836", + "refsource": "MISC", + "url": "https://bugs.debian.org/913836" + }, + { + "name": "https://antichat.com/threads/463395/#post-4254681", + "refsource": "MISC", + "url": "https://antichat.com/threads/463395/#post-4254681" + }, + { + "name": "https://bugs.php.net/bug.php?id=77153", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77153" + }, + { + "name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1608-1] php5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19750.json b/2018/19xxx/CVE-2018-19750.json index 96c4f26533b..d25ed59401a 100644 --- a/2018/19xxx/CVE-2018-19750.json +++ b/2018/19xxx/CVE-2018-19750.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19750",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19750",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "45946",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/45946/"
- },
- {
- "name" : "https://github.com/domainmod/domainmod/issues/82",
- "refsource" : "MISC",
- "url" : "https://github.com/domainmod/domainmod/issues/82"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/domainmod/domainmod/issues/82",
+ "refsource": "MISC",
+ "url": "https://github.com/domainmod/domainmod/issues/82"
+ },
+ {
+ "name": "45946",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/45946/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1198.json b/2018/1xxx/CVE-2018-1198.json
index 584b28d7bb0..490197f472f 100644
--- a/2018/1xxx/CVE-2018-1198.json
+++ b/2018/1xxx/CVE-2018-1198.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@dell.com",
- "DATE_PUBLIC" : "2018-09-13T04:00:00.000Z",
- "ID" : "CVE-2018-1198",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cloud Cache",
- "version" : {
- "version_data" : [
- {
- "affected" : "<",
- "version_value" : "1.31"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Pivotal "
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Credential leak"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "DATE_PUBLIC": "2018-09-13T04:00:00.000Z",
+ "ID": "CVE-2018-1198",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cloud Cache",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "1.31"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Pivotal "
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://pivotal.io/security/cve-2018-1198",
- "refsource" : "CONFIRM",
- "url" : "https://pivotal.io/security/cve-2018-1198"
- }
- ]
- },
- "source" : {
- "discovery" : "UNKNOWN"
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Credential leak"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://pivotal.io/security/cve-2018-1198",
+ "refsource": "CONFIRM",
+ "url": "https://pivotal.io/security/cve-2018-1198"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1237.json b/2018/1xxx/CVE-2018-1237.json
index 605e95c9654..3a9d95fbee3 100644
--- a/2018/1xxx/CVE-2018-1237.json
+++ b/2018/1xxx/CVE-2018-1237.json
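Review bot: The affected-version entry on the new side of the CVE-2018-1198 record, `"affected": "<"` with `"version_value": "1.31"`, does not agree with the description in the same record, which says versions prior to 1.3.1. If the description is right, the value should read `"version_value": "1.3.1"`; as written, tooling that matches installed versions against this field can compute the wrong range for the plaintext superuser password exposure in BOSH deployment logs. `"vendor_name": "Pivotal "` also keeps a trailing space that will defeat exact-match vendor lookups, and `"vendor_name": "Pivotal"` is the likely intent. Both values are carried over unchanged from the old side, so this commit would be a natural place to correct them.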
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security_alert@emc.com",
- "DATE_PUBLIC" : "2018-03-26T00:00:00",
- "ID" : "CVE-2018-1237",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "ScaleIO",
- "version" : {
- "version_data" : [
- {
- "version_value" : "versions prior to 2.5"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Dell EMC"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Improper Restriction of Excessive Authentication Attempts Vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "DATE_PUBLIC": "2018-03-26T00:00:00",
+ "ID": "CVE-2018-1237",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ScaleIO",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 2.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell EMC"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20180326 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2018/Mar/59"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Restriction of Excessive Authentication Attempts Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20180326 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2018/Mar/59"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1555.json b/2018/1xxx/CVE-2018-1555.json
index e0d74883ba7..4992100ff4a 100644
--- a/2018/1xxx/CVE-2018-1555.json
+++ b/2018/1xxx/CVE-2018-1555.json
@@ -1,96 +1,96 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2018-07-02T00:00:00",
- "ID" : "CVE-2018-1555",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "FileNet P8 Platform",
- "version" : {
- "version_data" : [
- {
- "version_value" : "5.2.1"
- },
- {
- "version_value" : "5.5.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892."
- }
- ]
- },
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "A" : "N",
- "AC" : "L",
- "AV" : "N",
- "C" : "L",
- "I" : "L",
- "PR" : "L",
- "S" : "C",
- "SCORE" : "5.400",
- "UI" : "R"
- },
- "TM" : {
- "E" : "H",
- "RC" : "C",
- "RL" : "O"
- }
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Cross-Site Scripting"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2018-07-02T00:00:00",
+ "ID": "CVE-2018-1555",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FileNet P8 Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.2.1"
+ },
+ {
+ "version_value": "5.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015943",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015943"
- },
- {
- "name" : "1041225",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041225"
- },
- {
- "name" : "ibm-filenet-cve20181555-xss(142892)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142892"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892."
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "A": "N",
+ "AC": "L",
+ "AV": "N",
+ "C": "L",
+ "I": "L",
+ "PR": "L",
+ "S": "C",
+ "SCORE": "5.400",
+ "UI": "R"
+ },
+ "TM": {
+ "E": "H",
+ "RC": "C",
+ "RL": "O"
+ }
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=swg22015943",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=swg22015943"
+ },
+ {
+ "name": "ibm-filenet-cve20181555-xss(142892)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142892"
+ },
+ {
+ "name": "1041225",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041225"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4052.json b/2018/4xxx/CVE-2018-4052.json
index f01cb1c0704..37ffdf1a3ee 100644
--- a/2018/4xxx/CVE-2018-4052.json
+++ b/2018/4xxx/CVE-2018-4052.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4052",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4052",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4669.json b/2018/4xxx/CVE-2018-4669.json
index edf511812db..ae14a812a5f 100644
--- a/2018/4xxx/CVE-2018-4669.json
+++ b/2018/4xxx/CVE-2018-4669.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4669",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4669",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4796.json b/2018/4xxx/CVE-2018-4796.json
index 623308eb48c..fca5e480674 100644
--- a/2018/4xxx/CVE-2018-4796.json
+++ b/2018/4xxx/CVE-2018-4796.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4796",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4796",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file