From af89c5b0948cbb6196d8d118228c69c75c366d90 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:12:20 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2008/0xxx/CVE-2008-0719.json | 140 +++++------
2008/0xxx/CVE-2008-0865.json | 150 ++++++------
2008/0xxx/CVE-2008-0876.json | 150 ++++++------
2008/1xxx/CVE-2008-1796.json | 160 ++++++------
2008/3xxx/CVE-2008-3032.json | 150 ++++++------
2008/3xxx/CVE-2008-3230.json | 180 +++++++-------
2008/3xxx/CVE-2008-3386.json | 160 ++++++------
2008/3xxx/CVE-2008-3427.json | 34 +--
2008/3xxx/CVE-2008-3678.json | 150 ++++++------
2008/4xxx/CVE-2008-4141.json | 180 +++++++-------
2008/4xxx/CVE-2008-4224.json | 190 +++++++--------
2008/4xxx/CVE-2008-4306.json | 320 ++++++++++++------------
2008/4xxx/CVE-2008-4397.json | 200 +++++++--------
2008/7xxx/CVE-2008-7011.json | 150 ++++++------
2013/2xxx/CVE-2013-2464.json | 380 ++++++++++++++---------------
2013/2xxx/CVE-2013-2543.json | 34 +--
2013/2xxx/CVE-2013-2668.json | 34 +--
2013/2xxx/CVE-2013-2730.json | 170 ++++++-------
2013/2xxx/CVE-2013-2765.json | 220 ++++++++---------
2013/3xxx/CVE-2013-3269.json | 160 ++++++------
2013/3xxx/CVE-2013-3634.json | 120 ++++-----
2013/6xxx/CVE-2013-6103.json | 34 +--
2013/6xxx/CVE-2013-6285.json | 120 ++++-----
2013/6xxx/CVE-2013-6571.json | 34 +--
2013/6xxx/CVE-2013-6852.json | 120 ++++-----
2013/7xxx/CVE-2013-7096.json | 160 ++++++------
2017/10xxx/CVE-2017-10601.json | 244 +++++++++---------
2017/10xxx/CVE-2017-10650.json | 34 +--
2017/10xxx/CVE-2017-10855.json | 130 +++++-----
2017/10xxx/CVE-2017-10868.json | 130 +++++-----
2017/14xxx/CVE-2017-14115.json | 140 +++++------
2017/14xxx/CVE-2017-14511.json | 140 +++++------
2017/14xxx/CVE-2017-14909.json | 132 +++++-----
2017/14xxx/CVE-2017-14910.json | 122 ++++-----
2017/15xxx/CVE-2017-15436.json | 34 +--
2017/17xxx/CVE-2017-17203.json | 34 +--
2017/17xxx/CVE-2017-17424.json | 120 ++++-----
2017/17xxx/CVE-2017-17510.json | 34 +--
2017/17xxx/CVE-2017-17820.json | 130 +++++-----
2017/9xxx/CVE-2017-9013.json | 34 +--
2017/9xxx/CVE-2017-9262.json | 130 +++++-----
2017/9xxx/CVE-2017-9816.json | 120 ++++-----
2017/9xxx/CVE-2017-9931.json | 120 ++++-----
2018/0xxx/CVE-2018-0030.json | 346 +++++++++++++-------------
2018/0xxx/CVE-2018-0275.json | 130 +++++-----
2018/0xxx/CVE-2018-0416.json | 188 +++++++-------
2018/0xxx/CVE-2018-0867.json | 34 +--
2018/0xxx/CVE-2018-0911.json | 142 +++++------
2018/1000xxx/CVE-2018-1000011.json | 124 +++++-----
2018/1000xxx/CVE-2018-1000105.json | 124 +++++-----
2018/1000xxx/CVE-2018-1000873.json | 146 +++++------
2018/16xxx/CVE-2018-16932.json | 34 +--
2018/17xxx/CVE-2018-17997.json | 88 +++++--
2018/19xxx/CVE-2018-19008.json | 132 +++++-----
2018/19xxx/CVE-2018-19094.json | 34 +--
2018/19xxx/CVE-2018-19381.json | 34 +--
2018/19xxx/CVE-2018-19621.json | 120 ++++-----
2018/19xxx/CVE-2018-19649.json | 130 +++++-----
2018/19xxx/CVE-2018-19717.json | 130 +++++-----
2018/1xxx/CVE-2018-1346.json | 186 +++++++-------
2018/4xxx/CVE-2018-4331.json | 34 +--
2018/4xxx/CVE-2018-4578.json | 34 +--
2018/4xxx/CVE-2018-4711.json | 34 +--
2018/4xxx/CVE-2018-4787.json | 34 +--
2018/4xxx/CVE-2018-4847.json | 132 +++++-----
65 files changed, 4086 insertions(+), 4032 deletions(-)
diff --git a/2008/0xxx/CVE-2008-0719.json b/2008/0xxx/CVE-2008-0719.json
index 47d5ec80d2a..364c07231e6 100644
--- a/2008/0xxx/CVE-2008-0719.json
+++ b/2008/0xxx/CVE-2008-0719.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5075", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5075" - }, - { - "name" : "27664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27664" - }, - { - "name" : "28831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28831" + }, + { + "name": "27664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27664" + }, + { + "name": "5075", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5075" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0865.json b/2008/0xxx/CVE-2008-0865.json index 4700664b182..62c6cd605f0 100644 --- a/2008/0xxx/CVE-2008-0865.json +++ b/2008/0xxx/CVE-2008-0865.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA08-184.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/257" - }, - { - "name" : "ADV-2008-0613", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0613" - }, - { - "name" : "1019451", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019451" - }, - { - "name" : "29041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP 
portlet via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA08-184.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/257" + }, + { + "name": "ADV-2008-0613", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0613" + }, + { + "name": "29041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29041" + }, + { + "name": "1019451", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019451" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0876.json b/2008/0xxx/CVE-2008-0876.json index 19ca6cde851..8e90fb0669b 100644 --- a/2008/0xxx/CVE-2008-0876.json +++ b/2008/0xxx/CVE-2008-0876.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via \"invalid data.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS08-002_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS08-002_e/index-e.html" - }, - { - "name" : "27900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27900" - }, - { - "name" : "ADV-2008-0617", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0617" - }, - { - "name" : "29028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via \"invalid data.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0617", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0617" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS08-002_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS08-002_e/index-e.html" + }, + { + "name": "29028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29028" + }, + { + "name": "27900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27900" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1796.json b/2008/1xxx/CVE-2008-1796.json index 1c13535b193..f894a1b2191 100644 --- a/2008/1xxx/CVE-2008-1796.json +++ b/2008/1xxx/CVE-2008-1796.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FEDORA-2008-2981", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html" - }, - { - "name" : "FEDORA-2008-2993", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html" - }, - { - "name" : "GLSA-200804-29", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-29.xml" - }, - { - "name" : "29956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29956" - }, - { - "name" : "comix-temporary-directories-dos(41854)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200804-29", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml" + }, + { + "name": "FEDORA-2008-2981", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html" + }, + { + "name": "comix-temporary-directories-dos(41854)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41854" + }, + { + "name": "FEDORA-2008-2993", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html" + }, + { + "name": "29956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29956" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3032.json b/2008/3xxx/CVE-2008-3032.json index f46ecf6fa39..fbc5792927c 100644 --- a/2008/3xxx/CVE-2008-3032.json +++ b/2008/3xxx/CVE-2008-3032.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-2/" - }, - { - "name" : "30039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30039" - }, - { - "name" : "30884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30884" - }, - { - "name" : "phpmyadmin-typo3-unspecified-xss(43508)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmyadmin-typo3-unspecified-xss(43508)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43508" + }, + { + "name": "30039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30039" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-2/" + }, + { + "name": "30884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30884" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3230.json b/2008/3xxx/CVE-2008-3230.json index 20699e5fb92..5be6ae2a086 100644 --- a/2008/3xxx/CVE-2008-3230.json +++ b/2008/3xxx/CVE-2008-3230.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080713 CVE requests: crashers by zzuf", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/13/3" - }, - { - "name" : "https://roundup.mplayerhq.hu/roundup/ffmpeg/issue530", - "refsource" : "MISC", - "url" : "https://roundup.mplayerhq.hu/roundup/ffmpeg/issue530" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=542643", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=542643" - }, - { - "name" : "MDVSA-2009:297", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:297" - }, - { - "name" : "31234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31234" - }, - { - 
"name" : "31899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31899" - }, - { - "name" : "ffmpeg-demuxer-dos(44210)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ffmpeg-demuxer-dos(44210)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44210" + }, + { + "name": "[oss-security] 20080713 CVE requests: crashers by zzuf", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/13/3" + }, + { + "name": "https://roundup.mplayerhq.hu/roundup/ffmpeg/issue530", + "refsource": "MISC", + "url": "https://roundup.mplayerhq.hu/roundup/ffmpeg/issue530" + }, + { + "name": "31234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31234" + }, + { + "name": "31899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31899" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=542643", + "refsource": "CONFIRM", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=542643" + }, + { + "name": "MDVSA-2009:297", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:297" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3386.json b/2008/3xxx/CVE-2008-3386.json index a20ecbfedd1..5ac6f012aad 100644 --- a/2008/3xxx/CVE-2008-3386.json +++ b/2008/3xxx/CVE-2008-3386.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6092", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6092" - }, - { - "name" : "30272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30272" - }, - { - "name" : "31134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31134" - }, - { - "name" : "4075", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4075" - }, - { - "name" : "videoshareenterprise-album-sql-injection(43861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6092", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6092" + }, + { + "name": "videoshareenterprise-album-sql-injection(43861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43861" + }, + { + "name": "4075", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4075" + }, + { + "name": "31134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31134" + }, + { + "name": "30272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30272" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3427.json b/2008/3xxx/CVE-2008-3427.json index 4894345fbbe..8fce7adba4d 100644 --- a/2008/3xxx/CVE-2008-3427.json +++ b/2008/3xxx/CVE-2008-3427.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3427", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3420. Reason: This candidate is a duplicate of CVE-2008-3420. Notes: All CVE users should reference CVE-2008-3420 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-3427", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3420. Reason: This candidate is a duplicate of CVE-2008-3420. Notes: All CVE users should reference CVE-2008-3420 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3678.json b/2008/3xxx/CVE-2008-3678.json index cc985b960e7..c5903d4098a 100644 --- a/2008/3xxx/CVE-2008-3678.json +++ b/2008/3xxx/CVE-2008-3678.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=619467", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=619467" - }, - { - "name" : "30676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30676" - }, - { - "name" : "31475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31475" - }, - { - "name" : "freeway-searchlinks-xss(44427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freeway-searchlinks-xss(44427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44427" + }, + { + "name": "31475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31475" + }, + { + "name": "30676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30676" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=619467", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=619467" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4141.json b/2008/4xxx/CVE-2008-4141.json index cdc1eb87865..d2e921b6dce 100644 --- a/2008/4xxx/CVE-2008-4141.json +++ b/2008/4xxx/CVE-2008-4141.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6480", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6480" - }, - { - "name" : "http://packetstormsecurity.org/0809-exploits/x10media-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0809-exploits/x10media-rfi.txt" - }, - { - "name" : "31225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31225" - }, - { - "name" : "ADV-2008-2608", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2608" - }, - { - "name" : "31920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31920" - }, - { - "name" : "4294", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/4294" - }, - { - "name" : "x10-webroot-file-include(45224)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31225" + }, + { + "name": "http://packetstormsecurity.org/0809-exploits/x10media-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0809-exploits/x10media-rfi.txt" + }, + { + "name": "4294", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4294" + }, + { + "name": "x10-webroot-file-include(45224)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45224" + }, + { + "name": "31920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31920" + }, + { + "name": "6480", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6480" + }, + { + "name": "ADV-2008-2608", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2608" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4224.json b/2008/4xxx/CVE-2008-4224.json index b07a6f826ca..289b4bcf536 100644 --- a/2008/4xxx/CVE-2008-4224.json +++ b/2008/4xxx/CVE-2008-4224.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3338", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3338" - }, - { - "name" : "APPLE-SA-2008-12-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" - }, - { - "name" : "TA08-350A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" - }, - { - "name" : "32839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32839" - }, - { - "name" : "32872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32872" - }, - { - "name" : "ADV-2008-3444", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3444" - }, - { - "name" : "1021410", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1021410" - }, - { - "name" : "33179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3444", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3444" + }, + { + "name": "32872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32872" + }, + { + "name": "TA08-350A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" + }, + { + "name": "1021410", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021410" + }, + { + "name": "33179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33179" + }, + { + "name": "32839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32839" + }, + { + "name": "http://support.apple.com/kb/HT3338", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3338" + }, + { + "name": "APPLE-SA-2008-12-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4306.json b/2008/4xxx/CVE-2008-4306.json index 77ea2e10b1f..3cd4abd2866 100644 --- a/2008/4xxx/CVE-2008-4306.json +++ b/2008/4xxx/CVE-2008-4306.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081117 rPSA-2008-0321-1 enscript", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498385/100/0/threaded" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2887", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2887" - }, - { - "name" : "DSA-1670", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1670" - }, - { - "name" : "FEDORA-2008-9351", - 
"refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00014.html" - }, - { - "name" : "FEDORA-2008-9372", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00040.html" - }, - { - "name" : "GLSA-200812-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-02.xml" - }, - { - "name" : "MDVSA-2008:243", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:243" - }, - { - "name" : "RHSA-2008:1016", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1016.html" - }, - { - "name" : "RHSA-2008:1021", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-1021.html" - }, - { - "name" : "SUSE-SR:2008:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html" - }, - { - "name" : "USN-660-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-660-1" - }, - { - "name" : "49569", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49569" - }, - { - "name" : "oval:org.mitre.oval:def:10718", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10718" - }, - { - "name" : "32530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32530" - }, - { - "name" : "33109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33109" - }, - { - "name" : "32970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32970" - }, - { - "name" : "32521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32521" - }, - { - "name" : "32753", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32753" - }, - { - "name" : "32854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32854" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10718", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10718" + }, + { + "name": "32521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32521" + }, + { + "name": "49569", + "refsource": "OSVDB", + "url": "http://osvdb.org/49569" + }, + { + "name": "SUSE-SR:2008:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html" + }, + { + "name": "FEDORA-2008-9372", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00040.html" + }, + { + "name": "FEDORA-2008-9351", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00014.html" + }, + { + "name": "RHSA-2008:1016", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1016.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm" + }, + { + "name": "USN-660-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-660-1" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321" + }, + { + "name": "GLSA-200812-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-02.xml" + }, + { + 
"name": "20081117 rPSA-2008-0321-1 enscript", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498385/100/0/threaded" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2887", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2887" + }, + { + "name": "32854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32854" + }, + { + "name": "MDVSA-2008:243", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:243" + }, + { + "name": "32970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32970" + }, + { + "name": "32530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32530" + }, + { + "name": "DSA-1670", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1670" + }, + { + "name": "32753", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32753" + }, + { + "name": "33109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33109" + }, + { + "name": "RHSA-2008:1021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-1021.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4397.json b/2008/4xxx/CVE-2008-4397.json index dbbe79be37a..c6c49221f53 100644 --- a/2008/4xxx/CVE-2008-4397.json +++ b/2008/4xxx/CVE-2008-4397.json 
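Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in the CVE-2008-4306 hunk, and it appears to be the only value that differs; everything else is spacing and reference reordering. The commit subject `"-Synchronized-Data."` does not mention it, so the reassignment is easy to miss among roughly 160 reformatted lines. Tooling that routes or attributes records by assigner will presumably treat this record differently after the change. It would be easier to audit if assigner changes were committed separately from the formatting pass, or at least named in the commit message. The CVE-2013-2464 hunk (`secalert_us@oracle.com`) and the CVE-2013-2730 hunk (`psirt@adobe.com`) make the same kind of change.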
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081011 CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497281/100/0/threaded" - }, - { - "name" : "20081009 CA ARCserve Backup Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497218" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143" - }, - { - "name" : "31684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31684" 
- }, - { - "name" : "ADV-2008-2777", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2777" - }, - { - "name" : "1021032", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021032" - }, - { - "name" : "32220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32220" - }, - { - "name" : "4412", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4412" - }, - { - "name" : "ca-arcservebackup-message-command-execution(45774)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31684" + }, + { + "name": "ca-arcservebackup-message-command-execution(45774)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45774" + }, + { + "name": "ADV-2008-2777", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2777" + }, + { + "name": "1021032", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021032" + }, + { + "name": "20081011 CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497281/100/0/threaded" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143" + }, + { + "name": "32220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32220" + }, + { + "name": "20081009 CA ARCserve Backup Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497218" + }, + { + "name": "4412", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4412" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7011.json b/2008/7xxx/CVE-2008-7011.json index a0cd216bd96..943cb1ebee8 100644 --- a/2008/7xxx/CVE-2008-7011.json +++ b/2008/7xxx/CVE-2008-7011.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080916 Failed assertion in the Unreal engine", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496399/100/0/threaded" - }, - { - "name" : "20080916 Failed assertion in the Unreal engine", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html" - }, - { - "name" : "31205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31205" - }, - { - "name" : "48293", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48293" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31205" + }, + { + "name": "20080916 Failed assertion in the Unreal engine", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html" + }, + { + "name": "48293", + "refsource": "OSVDB", + "url": "http://osvdb.org/48293" + }, + { + "name": "20080916 Failed assertion in the Unreal engine", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496399/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2464.json b/2013/2xxx/CVE-2013-2464.json index acfff05bbaf..be5fda36de3 100644 --- a/2013/2xxx/CVE-2013-2464.json +++ b/2013/2xxx/CVE-2013-2464.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "HPSBUX02922", - "refsource" : "HP", - "url" : 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "SSRT101305", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1081", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1081.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1293", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" - }, - { - "name" : "SUSE-SU-2013:1257", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "SUSE-SU-2013:1263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" - }, - { - "name" : "SUSE-SU-2013:1264", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60631" - }, - { - "name" : "oval:org.mitre.oval:def:16389", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16389" - }, - { - "name" : "oval:org.mitre.oval:def:19227", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19227" - }, - { - "name" : "oval:org.mitre.oval:def:19390", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19390" - }, - { - "name" : "oval:org.mitre.oval:def:19708", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19708" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, 
CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "oval:org.mitre.oval:def:19227", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19227" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "SUSE-SU-2013:1264", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "SUSE-SU-2013:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "oval:org.mitre.oval:def:19708", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19708" + }, + { + "name": "SSRT101305", + 
"refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "60631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60631" + }, + { + "name": "HPSBUX02922", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "SUSE-SU-2013:1263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "oval:org.mitre.oval:def:16389", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16389" + }, + { + "name": "SUSE-SU-2013:1293", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" + }, + { + "name": "RHSA-2013:1081", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "oval:org.mitre.oval:def:19390", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19390" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", 
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2543.json b/2013/2xxx/CVE-2013-2543.json index 5ed36a7cff9..8a073b51493 100644 --- a/2013/2xxx/CVE-2013-2543.json +++ b/2013/2xxx/CVE-2013-2543.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2543", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2543", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2668.json b/2013/2xxx/CVE-2013-2668.json index d6c817feadf..6865a9d16f1 100644 --- a/2013/2xxx/CVE-2013-2668.json +++ b/2013/2xxx/CVE-2013-2668.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2668", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2668", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2730.json b/2013/2xxx/CVE-2013-2730.json index 67e767663a8..dd7c403f690 100644 --- a/2013/2xxx/CVE-2013-2730.json +++ b/2013/2xxx/CVE-2013-2730.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-2730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0826", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0826.html" - }, - { - "name" : "SUSE-SU-2013:0809", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" - }, - { - "name" : "59923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59923" - }, - { - "name" : 
"oval:org.mitre.oval:def:16631", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html" + }, + { + "name": "SUSE-SU-2013:0809", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" + }, + { + "name": "RHSA-2013:0826", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0826.html" + }, + { + "name": "59923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59923" + }, + { + "name": "oval:org.mitre.oval:def:16631", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16631" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2765.json b/2013/2xxx/CVE-2013-2765.json index fbc76d923c2..16144459df8 100644 --- a/2013/2xxx/CVE-2013-2765.json +++ b/2013/2xxx/CVE-2013-2765.json 
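Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@adobe.com` in the CVE-2013-2730 hunk, and this provenance change is buried in a whole-file re-indent and a reordering of the six references, under a commit subject that says only "-Synchronized-Data.". Every other field of the record appears to carry the same values as before, so anyone auditing the record has to normalise both sides before the one semantic edit stands out from the formatting churn. I would land the formatter pass separately from data changes, or at least name the change in the commit body, e.g. `CVE-2013-2730: ASSIGNER cve@mitre.org -> psirt@adobe.com`.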
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130528 [SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html" - }, - { - "name" : "[mod-security-users] 20130527 Availability of ModSecurity 2.7.4 Stable Release", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=30900019" - }, - { - "name" : "http://www.shookalabs.com/", - "refsource" : "MISC", - "url" : "http://www.shookalabs.com/" - }, - { - "name" : "https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py", - "refsource" : "MISC", - "url" : 
"https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py" - }, - { - "name" : "https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba", - "refsource" : "MISC", - "url" : "https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba" - }, - { - "name" : "http://www.modsecurity.org/", - "refsource" : "CONFIRM", - "url" : "http://www.modsecurity.org/" - }, - { - "name" : "https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=967615", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=967615" - }, - { - "name" : "openSUSE-SU-2013:1331", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html" - }, - { - "name" : "openSUSE-SU-2013:1336", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html" - }, - { - "name" : "openSUSE-SU-2013:1342", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[mod-security-users] 20130527 Availability of ModSecurity 2.7.4 Stable Release", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30900019" + }, + { + "name": "openSUSE-SU-2013:1342", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=967615", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=967615" + }, + { + "name": "openSUSE-SU-2013:1331", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html" + }, + { + "name": "20130528 [SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html" + }, + { + "name": "https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES", + "refsource": "CONFIRM", + "url": "https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES" + }, + { + "name": "http://www.shookalabs.com/", + "refsource": "MISC", + "url": "http://www.shookalabs.com/" + }, + { + "name": "http://www.modsecurity.org/", + "refsource": "CONFIRM", + "url": "http://www.modsecurity.org/" + }, + { + "name": "https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py", + "refsource": "MISC", + "url": "https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py" + }, + { + "name": "https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba", + "refsource": "MISC", + "url": "https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba" + }, + { + "name": "openSUSE-SU-2013:1336", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3269.json b/2013/3xxx/CVE-2013-3269.json index 29a62ab4d35..c891ea0f291 100644 --- a/2013/3xxx/CVE-2013-3269.json +++ b/2013/3xxx/CVE-2013-3269.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20130415up11.php", - "refsource" : "CONFIRM", - "url" : "http://cs.cybozu.co.jp/information/20130415up11.php" - }, - { - "name" : "http://jvn.jp/en/jp/JVN06251813/374951/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN06251813/374951/index.html" - }, - { - "name" : "JVN#06251813", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN06251813/index.html" - }, - { - "name" : "JVNDB-2013-000034", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034" - }, - { - "name" : "cybozuoffice-cve20133269-csrf(83812)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/83812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/20130415up11.php", + "refsource": "CONFIRM", + "url": "http://cs.cybozu.co.jp/information/20130415up11.php" + }, + { + "name": "JVN#06251813", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN06251813/index.html" + }, + { + "name": "cybozuoffice-cve20133269-csrf(83812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83812" + }, + { + "name": "http://jvn.jp/en/jp/JVN06251813/374951/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html" + }, + { + "name": "JVNDB-2013-000034", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3634.json b/2013/3xxx/CVE-2013-3634.json index c3dd9c55f4b..1e0f3df8c3c 100644 --- a/2013/3xxx/CVE-2013-3634.json +++ b/2013/3xxx/CVE-2013-3634.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6103.json b/2013/6xxx/CVE-2013-6103.json index e816db3ff95..def8d765f1d 100644 --- a/2013/6xxx/CVE-2013-6103.json +++ b/2013/6xxx/CVE-2013-6103.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6103", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6103", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6285.json b/2013/6xxx/CVE-2013-6285.json index 1d92680e3d7..e63a14e07a9 100644 --- a/2013/6xxx/CVE-2013-6285.json +++ b/2013/6xxx/CVE-2013-6285.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#911678", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/911678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#911678", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/911678" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6571.json b/2013/6xxx/CVE-2013-6571.json index 89e8774179b..95a0ebf4d7d 100644 --- a/2013/6xxx/CVE-2013-6571.json +++ b/2013/6xxx/CVE-2013-6571.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6571", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6571", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6852.json b/2013/6xxx/CVE-2013-6852.json index b78da740e3f..0bab00543aa 100644 --- a/2013/6xxx/CVE-2013-6852.json +++ b/2013/6xxx/CVE-2013-6852.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28562", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28562/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28562", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28562/" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7096.json b/2013/7xxx/CVE-2013-7096.json index fcaaee8ba54..387caa92b5d 100644 --- a/2013/7xxx/CVE-2013-7096.json +++ b/2013/7xxx/CVE-2013-7096.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-13-024-sap-emr-unwired-multiple-sql-injections/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-13-024-sap-emr-unwired-multiple-sql-injections/" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1864518", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1864518" - }, - { - "name" : "64314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64314" - }, - { - "name" : "emr-cve20137096-sql-injection(89723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89723" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "emr-cve20137096-sql-injection(89723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89723" + }, + { + "name": "https://erpscan.io/advisories/erpscan-13-024-sap-emr-unwired-multiple-sql-injections/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-13-024-sap-emr-unwired-multiple-sql-injections/" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "64314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64314" + }, + { + "name": "https://service.sap.com/sap/support/notes/1864518", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1864518" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10601.json b/2017/10xxx/CVE-2017-10601.json index 1fc341277ce..f90933a6127 100644 --- a/2017/10xxx/CVE-2017-10601.json +++ b/2017/10xxx/CVE-2017-10601.json 
@@ -1,124 +1,124 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2017-07-12T09:00", - "ID" : "CVE-2017-10601", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: Insufficient authentication for user login when a specific system configuration error occurs." - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "platform" : "", - "version_value" : "12.3 prior to 12.3R10, 12.3R11" - }, - { - "platform" : "", - "version_value" : "12.3X48 prior to 12.3X48-D20" - }, - { - "platform" : "", - "version_value" : "13.2 prior to 13.2R8" - }, - { - "platform" : "", - "version_value" : "13.3 prior to 13.3R7" - }, - { - "platform" : "", - "version_value" : "14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6" - }, - { - "platform" : "", - "version_value" : "14.1X53 prior to 14.1X53-D30" - }, - { - "platform" : "", - "version_value" : "14.2 prior to 14.2R4" - }, - { - "platform" : "", - "version_value" : "15.1 prior to 15.1F2, 15.1F3, 15.1R2" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [], - "credit" : [], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. 
Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2." - } - ] - }, - "exploit" : "This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.8, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass vulnerability " - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2017-07-12T09:00", + "ID": "CVE-2017-10601", + "STATE": "PUBLIC", + "TITLE": "Junos OS: Insufficient authentication for user login when a specific system configuration error occurs." 
+ }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "", + "version_value": "12.3 prior to 12.3R10, 12.3R11" + }, + { + "platform": "", + "version_value": "12.3X48 prior to 12.3X48-D20" + }, + { + "platform": "", + "version_value": "13.2 prior to 13.2R8" + }, + { + "platform": "", + "version_value": "13.3 prior to 13.3R7" + }, + { + "platform": "", + "version_value": "14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6" + }, + { + "platform": "", + "version_value": "14.1X53 prior to 14.1X53-D30" + }, + { + "platform": "", + "version_value": "14.2 prior to 14.2R4" + }, + { + "platform": "", + "version_value": "15.1 prior to 15.1F2, 15.1F3, 15.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10802", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10802" - }, - { - "name" : "1038902", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038902" - } - ] - }, - "solution" : "The following software releases have been updated to resolve this specific issue: 12.3R10, 12.3R11, 12.3X48-D20, 13.2R8, 13.3R7, 14.1R4-S12, 14.1R5, 14.1R6, 14.1X53-D30, 14.2R4, 15.1F2, 15.1F3, 15.1R2, 15.1X49-D10, 16.1R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1075580 and is visible on the Customer Support website.", - "work_around" : [ - { - "lang" : "eng", - "value" : "Make sure authentication works as expected after a system configuration change.\n\nUse the SSH certificate based authentication.\n\nUse access lists or firewall filters to limit access to the device only from trusted administrative hosts, networks and users." 
- } - ] -} + } + }, + "configuration": [], + "credit": [], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2." + } + ] + }, + "exploit": "This issue was found during internal product security testing. 
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10802", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10802" + }, + { + "name": "1038902", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038902" + } + ] + }, + "solution": "The following software releases have been updated to resolve this specific issue: 12.3R10, 12.3R11, 12.3X48-D20, 13.2R8, 13.3R7, 14.1R4-S12, 14.1R5, 14.1R6, 14.1X53-D30, 14.2R4, 15.1F2, 15.1F3, 15.1R2, 15.1X49-D10, 16.1R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1075580 and is visible on the Customer Support website.", + "work_around": [ + { + "lang": "eng", + "value": "Make sure authentication works as expected after a system configuration change.\n\nUse the SSH certificate based authentication.\n\nUse access lists or firewall filters to limit access to the device only from trusted administrative hosts, networks and users." + } + ] +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10650.json b/2017/10xxx/CVE-2017-10650.json index 85cf85dd6dd..58cd7a9d45f 100644 --- a/2017/10xxx/CVE-2017-10650.json +++ b/2017/10xxx/CVE-2017-10650.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-10650",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-10650",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10855.json b/2017/10xxx/CVE-2017-10855.json
index 42957ae29c2..02f3a67cd26 100644
--- a/2017/10xxx/CVE-2017-10855.json
+++ b/2017/10xxx/CVE-2017-10855.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FENCE-Explorer for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "V8.4.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "FUJITSU LIMITED " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FENCE-Explorer for Windows", + "version": { + "version_data": [ + { + "version_value": "V8.4.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "FUJITSU LIMITED " + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fujitsu.com/jp/group/bsc/services/fence/info-2017080101.html", - "refsource" : "MISC", - "url" : "http://www.fujitsu.com/jp/group/bsc/services/fence/info-2017080101.html" - }, - { - "name" : "JVN#57205588", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN57205588/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a 
Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#57205588", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN57205588/index.html" + }, + { + "name": "http://www.fujitsu.com/jp/group/bsc/services/fence/info-2017080101.html", + "refsource": "MISC", + "url": "http://www.fujitsu.com/jp/group/bsc/services/fence/info-2017080101.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10868.json b/2017/10xxx/CVE-2017-10868.json index 687a9eef989..40c59280c21 100644 --- a/2017/10xxx/CVE-2017-10868.json +++ b/2017/10xxx/CVE-2017-10868.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "H2O", - "version" : { - "version_data" : [ - { - "version_value" : "version 2.2.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Kazuho Oku" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial-of-service (DoS)" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "H2O", + "version": { + "version_data": [ + { + "version_value": "version 2.2.2 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Kazuho Oku" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/h2o/h2o/issues/1459", - "refsource" : "CONFIRM", - "url" : "https://github.com/h2o/h2o/issues/1459" - }, - { - "name" : "JVN#84182676", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN84182676/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/h2o/h2o/issues/1459", + "refsource": "CONFIRM", + "url": "https://github.com/h2o/h2o/issues/1459" + }, + { + "name": "JVN#84182676", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN84182676/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14115.json b/2017/14xxx/CVE-2017-14115.json index c6376e06204..a277a9fd9da 100644 --- a/2017/14xxx/CVE-2017-14115.json +++ b/2017/14xxx/CVE-2017-14115.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a \"Terminal shell v1.0\" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/", - "refsource" : "MISC", - "url" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/" - }, - { - "name" : "https://www.nomotion.net/blog/sharknatto/", - "refsource" : "MISC", - "url" : "https://www.nomotion.net/blog/sharknatto/" - }, - { - "name" : "100585", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/100585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a \"Terminal shell v1.0\" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/", + "refsource": "MISC", + "url": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/" + }, + { + "name": "100585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100585" + }, + { + "name": "https://www.nomotion.net/blog/sharknatto/", + "refsource": "MISC", + "url": "https://www.nomotion.net/blog/sharknatto/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14511.json b/2017/14xxx/CVE-2017-14511.json index 6f12139ca6e..03168182ea9 100644 --- a/2017/14xxx/CVE-2017-14511.json +++ b/2017/14xxx/CVE-2017-14511.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/", - "refsource" : "MISC", - "url" : "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2507798", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2507798" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/email-verification-bypass-in-sap-e-recruiting/index.html", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/email-verification-bypass-in-sap-e-recruiting/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/en/blog/advisories/email-verification-bypass-in-sap-e-recruiting/index.html", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/email-verification-bypass-in-sap-e-recruiting/index.html" + }, + { + "name": "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/", + "refsource": "MISC", + "url": "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2507798", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2507798" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14909.json b/2017/14xxx/CVE-2017-14909.json index 73263222f48..e46d912406f 100644 --- a/2017/14xxx/CVE-2017-14909.json +++ b/2017/14xxx/CVE-2017-14909.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-14909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow to Buffer Overflow in GPS" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-14909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "102072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow in GPS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + }, + { + "name": "102072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102072" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14910.json b/2017/14xxx/CVE-2017-14910.json index 92814d8e935..ae34c3143b9 100644 --- a/2017/14xxx/CVE-2017-14910.json +++ b/2017/14xxx/CVE-2017-14910.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-14910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon IoT, Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in Sphinx" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-14910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon IoT, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-02-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in Sphinx" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-02-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15436.json b/2017/15xxx/CVE-2017-15436.json index eed3a350bce..9bd408cc981 100644 --- a/2017/15xxx/CVE-2017-15436.json +++ b/2017/15xxx/CVE-2017-15436.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15436",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-15436",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17203.json b/2017/17xxx/CVE-2017-17203.json
index 77bc2144c4b..ef2964a50bb 100644
--- a/2017/17xxx/CVE-2017-17203.json
+++ b/2017/17xxx/CVE-2017-17203.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17203",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-17203",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17424.json b/2017/17xxx/CVE-2017-17424.json
index 690e14932a5..8e22455c424 100644
--- a/2017/17xxx/CVE-2017-17424.json
+++ b/2017/17xxx/CVE-2017-17424.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-17424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quest NetVault Backup", - "version" : { - "version_data" : [ - { - "version_value" : "11.3.0.12" - } - ] - } - } - ] - }, - "vendor_name" : "Quest" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4235." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-17424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quest NetVault Backup", + "version": { + "version_data": [ + { + "version_value": "11.3.0.12" + } + ] + } + } + ] + }, + "vendor_name": "Quest" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-977", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4235." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-977", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-977" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/17xxx/CVE-2017-17510.json b/2017/17xxx/CVE-2017-17510.json
index ad1133e0595..bf024499bfa 100644
--- a/2017/17xxx/CVE-2017-17510.json
+++ b/2017/17xxx/CVE-2017-17510.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17510",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17510",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17820.json b/2017/17xxx/CVE-2017-17820.json
index cc54bf68a13..ed16ed04b76 100644
--- a/2017/17xxx/CVE-2017-17820.json
+++ b/2017/17xxx/CVE-2017-17820.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392433", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392433" - }, - { - "name" : "USN-3694-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3694-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3694-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3694-1/" + }, + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392433", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392433" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9013.json b/2017/9xxx/CVE-2017-9013.json index 497fbe1d25b..7fd4992c5e5 100644 --- a/2017/9xxx/CVE-2017-9013.json +++ b/2017/9xxx/CVE-2017-9013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9262.json b/2017/9xxx/CVE-2017-9262.json index fed1ba62d3c..54f0935ceb2 100644 --- a/2017/9xxx/CVE-2017-9262.json +++ b/2017/9xxx/CVE-2017-9262.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/475", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/475" - }, - { - "name" : "98735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/475", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/475" + }, + { + "name": "98735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98735" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9816.json b/2017/9xxx/CVE-2017-9816.json index 511d826f1f6..4430fb738dc 100644 --- a/2017/9xxx/CVE-2017-9816.json +++ b/2017/9xxx/CVE-2017-9816.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.paessler.com/prtg/history/stable", - "refsource" : "CONFIRM", - "url" : "https://www.paessler.com/prtg/history/stable" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.paessler.com/prtg/history/stable", + "refsource": "CONFIRM", + "url": "https://www.paessler.com/prtg/history/stable" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9931.json b/2017/9xxx/CVE-2017-9931.json index 2bda771d556..8fcf6ee2d29 100644 --- a/2017/9xxx/CVE-2017-9931.json +++ b/2017/9xxx/CVE-2017-9931.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://iscouncil.blogspot.com/2017/07/green-packet-dx-350-vulnerable-to-cross.html", - "refsource" : "MISC", - "url" : "https://iscouncil.blogspot.com/2017/07/green-packet-dx-350-vulnerable-to-cross.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://iscouncil.blogspot.com/2017/07/green-packet-dx-350-vulnerable-to-cross.html", + "refsource": "MISC", + "url": "https://iscouncil.blogspot.com/2017/07/green-packet-dx-350-vulnerable-to-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0030.json b/2018/0xxx/CVE-2018-0030.json index 472b6ba564f..75589901d2f 100644 --- a/2018/0xxx/CVE-2018-0030.json +++ b/2018/0xxx/CVE-2018-0030.json 
@@ -1,176 +1,176 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-07-11T16:00:00.000Z", - "ID" : "CVE-2018-0030", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) and PTX1K: Line card may crash upon receipt of specific MPLS packet." - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-07-11T16:00:00.000Z", + "ID": "CVE-2018-0030", + "STATE": "PUBLIC", + "TITLE": "Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) and PTX1K: Line card may crash upon receipt of specific MPLS packet." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "15.1F", + "version_value": "15.1F6-S10" + }, + { + "affected": "<", + "version_name": "15.1", + "version_value": "15.1R4-S9, 15.1R6-S6, 15.1R7" + }, + { + "affected": "<", + "version_name": "16.1", + "version_value": "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7" + }, + { + "affected": "<", + "version_name": "16.1X65", + "version_value": "16.1X65-D46" + }, + { + "affected": "<", + "version_name": "16.2", + "version_value": "16.2R1-S6, 16.2R2-S5, 16.2R3" + }, + { + "affected": "<", + "version_name": "17.1", + "version_value": "17.1R1-S7, 17.1R2-S7, 17.1R3" + }, + { + "affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S4, 17.2R2-S4, 17.2R3" + }, + { + "affected": "<", + "version_name": "17.2X75", + "version_value": "17.2X75-D70" + }, + { + "affected": "<", + "version_name": "17.3", + "version_value": "17.3R1-S4, 17.3R2" + }, + { + "affected": "<", + "version_name": "17.4", + "version_value": "17.4R1-S2, 17.4R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue only affects device with MPLS configured.\n\nThis issue only affects 
Junos OS platforms with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "15.1F", - "version_value" : "15.1F6-S10" - }, - { - "affected" : "<", - "version_name" : "15.1", - "version_value" : "15.1R4-S9, 15.1R6-S6, 15.1R7" - }, - { - "affected" : "<", - "version_name" : "16.1", - "version_value" : "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7" - }, - { - "affected" : "<", - "version_name" : "16.1X65", - "version_value" : "16.1X65-D46" - }, - { - "affected" : "<", - "version_name" : "16.2", - "version_value" : "16.2R1-S6, 16.2R2-S5, 16.2R3" - }, - { - "affected" : "<", - "version_name" : "17.1", - "version_value" : "17.1R1-S7, 17.1R2-S7, 17.1R3" - }, - { - "affected" : "<", - "version_name" : "17.2", - "version_value" : "17.2R1-S4, 17.2R2-S4, 17.2R3" - }, - { - "affected" : "<", - "version_name" : "17.2X75", - "version_value" : "17.2X75-D70" - }, - { - "affected" : "<", - "version_name" : "17.3", - "version_value" : "17.3R1-S4, 17.3R2" - }, - { - "affected" : "<", - "version_name" : "17.4", - "version_value" : "17.4R1-S2, 17.4R2" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" + "lang": "eng", + "value": "Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. 
Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. Refer to KB25385 for more information about PFE line cards." } - ] - } - }, - "configuration" : [ - { - "lang" : "eng", - "value" : "This issue only affects device with MPLS configured.\n\nThis issue only affects Junos OS platforms with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. 
Refer to KB25385 for more information about PFE line cards." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/KB25385", - "refsource" : "MISC", - "url" : "https://kb.juniper.net/KB25385" - }, - { - "name" : "https://kb.juniper.net/JSA10864", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10864" - }, - { - "name" : "1041325", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041325" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D471, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.1X65-D46, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R2-S4, 17.2R3, 17.2X75-D70, 17.3R1-S4, 17.3R2, 17.4R1-S2, 17.4R2, 18.1R1, 18.1X75-D10 and all subsequent releases.\nThis fix has been proactively committed into other releases that might not support these specific line card.\n\n" - } - ], - "source" : { - "advisory" : "JSA10864", - "defect" : [ - "1323069" 
- ], - "discovery" : "USER" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "No available workaround exists for this issue." - } - ] -} + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10864", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10864" + }, + { + "name": "https://kb.juniper.net/KB25385", + "refsource": "MISC", + "url": "https://kb.juniper.net/KB25385" + }, + { + "name": "1041325", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041325" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D471, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.1X65-D46, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R2-S4, 17.2R3, 17.2X75-D70, 17.3R1-S4, 17.3R2, 17.4R1-S2, 17.4R2, 18.1R1, 18.1X75-D10 and all subsequent releases.\nThis fix has been proactively committed into other releases that might not support these specific line card.\n\n" + } + ], + "source": { + 
"advisory": "JSA10864", + "defect": [ + "1323069" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "No available workaround exists for this issue." + } + ] +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0275.json b/2018/0xxx/CVE-2018-0275.json index be1da92dc92..c129371a0a5 100644 --- a/2018/0xxx/CVE-2018-0275.json +++ b/2018/0xxx/CVE-2018-0275.json 
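Review bot: The `problemtype` array on the new side still lists "Remote Code Execution" next to "Denial of Service", while the description only describes a line-card crash and restart and the CVSS vector is `C:N/I:N/A:H`; these fields should agree, because triage rules keyed on `problemtype` would treat this record as code execution. Which side is authoritative cannot be told from the patch, but if advisory JSA10864 confirms an availability-only impact, the second `description` entry should be dropped. The description also names `17.2X75-D90` as a fixed release, which the matching `version_data` entry (`"version_value": "17.2X75-D70"`) omits. Several `version_value` strings pack a comma-separated release list behind a single `"affected": "<"`, which a version-matching consumer cannot evaluate; one entry per fixed release would be machine-readable.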
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Identity Services Engine" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-16" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine", + "version": { + "version_data": [ + { + "version_value": "Cisco Identity Services Engine" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise" - }, - { - "name" : "1040717", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-16" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040717", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040717" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0416.json b/2018/0xxx/CVE-2018-0416.json index c09fb475808..6b83249cef9 100644 --- a/2018/0xxx/CVE-2018-0416.json +++ b/2018/0xxx/CVE-2018-0416.json 
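Review bot: In `affects`, `vendor_name` is `"n/a"` and `version_value` repeats the product name (`"Cisco Identity Services Engine"`), although the description on the new side gives the affected range as versions prior to 2.2.0.470. Asset-inventory matching on vendor and version will not associate this record with affected installs. I would set `"vendor_name": "Cisco"` (the value the CVE-2018-0416 record in this patch uses) and `"version_value": "prior to 2.2.0.470"`. The CVE-2018-0911 hunk has the same shape: its `version_value` holds two product names rather than a version.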
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-17T16:00:00-0500", - "ID" : "CVE-2018-0416", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Wireless LAN Controller Software Information Disclosure Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wireless LAN Controller (WLC) ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. An attacker could exploit this vulnerability by requesting specific URLs via the web-based interface. A successful exploit could allow the attacker to view sensitive system information." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact" : { - "cvss" : { - "baseScore" : "5.3", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-17T16:00:00-0500", + "ID": "CVE-2018-0416", + "STATE": "PUBLIC", + "TITLE": "Cisco Wireless LAN Controller Software Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wireless LAN Controller (WLC) ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181017 Cisco Wireless LAN Controller Software Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-id" - }, - { - "name" : "105675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105675" - }, - { - "name" : "1041928", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041928" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181017-wlc-id", - "defect" : [ - [ - "CSCvj95336" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. 
An attacker could exploit this vulnerability by requesting specific URLs via the web-based interface. A successful exploit could allow the attacker to view sensitive system information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041928", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041928" + }, + { + "name": "105675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105675" + }, + { + "name": "20181017 Cisco Wireless LAN Controller Software Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-id" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181017-wlc-id", + "defect": [ + [ + "CSCvj95336" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0867.json b/2018/0xxx/CVE-2018-0867.json index 257c9adc945..79d42f34829 100644 --- a/2018/0xxx/CVE-2018-0867.json +++ b/2018/0xxx/CVE-2018-0867.json 
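Review bot: `impact.cvss.baseScore` is the string `"5.3"` here, whereas the CVE-2018-0030 record in this same patch carries it as a number (`"baseScore": 7.5`); a consumer that filters or sorts on the score numerically will mishandle one of the two, so this should be `"baseScore": 5.3`. `vectorString` and `product_name` both keep a trailing space (`"...C:L/I:N/A:N "`, `"Cisco Wireless LAN Controller (WLC) "`), which breaks exact-match parsing of the vector and product lookups. `source.defect` is a nested array (`[["CSCvj95336"]]`) where CVE-2018-0030 uses a flat one. The `cvss` object also omits `baseSeverity` and the per-metric fields that the other record provides, so tooling that reads them has to derive them from the vector.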
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-0867",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-0867",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0911.json b/2018/0xxx/CVE-2018-0911.json
index dd9868e2ad3..7262fcc45e7 100644
--- a/2018/0xxx/CVE-2018-0911.json
+++ b/2018/0xxx/CVE-2018-0911.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0911", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0911" - }, - { - "name" : "103281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103281" - }, - { - "name" : "1040513", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103281" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0911", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0911" + }, + { + "name": "1040513", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040513" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000011.json b/2018/1000xxx/CVE-2018-1000011.json index e780daf4efa..ed281c49765 100644 --- a/2018/1000xxx/CVE-2018-1000011.json +++ b/2018/1000xxx/CVE-2018-1000011.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-01-22", - "ID" : "CVE-2018-1000011", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins FindBugs Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "4.71 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins FindBugs Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity Processing" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-01-22", + "ID": "CVE-2018-1000011", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-01-22/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-01-22/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it 
parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-01-22/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000105.json b/2018/1000xxx/CVE-2018-1000105.json index 6930763c233..6a854032efb 100644 --- a/2018/1000xxx/CVE-2018-1000105.json +++ b/2018/1000xxx/CVE-2018-1000105.json 
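Review bot: The new side of the CVE-2018-1000011 hunk replaces `product_name`, `vendor_name`, `version_value` and the problemtype `value` with `"n/a"`, although the description kept in the same hunk still names Jenkins FindBugs Plugin 4.71 and earlier and XML external entity processing. Tooling that matches records to inventory through the `affects` block, or triages by problemtype, will stop matching this entry and has to fall back to parsing free text. The same loss appears in the CVE-2018-1000105 hunk (drops `CWE-285, CWE-201` and the Gerrit Trigger Plugin product data) and the CVE-2018-1000873 hunk (drops `Fasterxml` / `Jackson` / `Before 2.9.8` and `CWE-20: Improper Input Validation`). I would keep the previous values, e.g. `"product_name": "Jenkins FindBugs Plugin"`, `"version_value": "4.71 and earlier"` and `"value": "XML External Entity Processing"`, and let only the whitespace normalisation through.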
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-02-26", - "ID" : "CVE-2018-1000105", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Gerrit Trigger Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.27.4 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285, CWE-201" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-02-26", + "ID": "CVE-2018-1000105", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-402", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper authorization vulnerability exists in Jenkins Gerrit Trigger 
Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-402", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-402" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000873.json b/2018/1000xxx/CVE-2018-1000873.json index f872a999373..d7259e2e176 100644 --- a/2018/1000xxx/CVE-2018-1000873.json +++ b/2018/1000xxx/CVE-2018-1000873.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-19T20:52:45.260099", - "DATE_REQUESTED" : "2018-12-17T16:15:43", - "ID" : "CVE-2018-1000873", - "REQUESTER" : "secure@veritas.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jackson", - "version" : { - "version_data" : [ - { - "version_value" : "Before 2.9.8" - } - ] - } - } - ] - }, - "vendor_name" : "Fasterxml" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20: Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-19T20:52:45.260099", + "DATE_REQUESTED": "2018-12-17T16:15:43", + "ID": "CVE-2018-1000873", + "REQUESTER": "secure@veritas.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FasterXML/jackson-modules-java8/issues/90", - "refsource" : "MISC", - "url" : "https://github.com/FasterXML/jackson-modules-java8/issues/90" - }, - { - "name" : "https://github.com/FasterXML/jackson-modules-java8/pull/87", - "refsource" : "MISC", - "url" : "https://github.com/FasterXML/jackson-modules-java8/pull/87" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1665601", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1665601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FasterXML/jackson-modules-java8/pull/87", + "refsource": "MISC", + "url": "https://github.com/FasterXML/jackson-modules-java8/pull/87" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1665601", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665601" + }, + { + "name": "https://github.com/FasterXML/jackson-modules-java8/issues/90", + "refsource": "MISC", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues/90" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16932.json b/2018/16xxx/CVE-2018-16932.json index 5308a616c2e..d4fa5b01a4c 100644 --- a/2018/16xxx/CVE-2018-16932.json +++ b/2018/16xxx/CVE-2018-16932.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16932", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16932", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/17xxx/CVE-2018-17997.json b/2018/17xxx/CVE-2018-17997.json index 0b1e3ff793a..200be474ccb 100644 --- a/2018/17xxx/CVE-2018-17997.json +++ b/2018/17xxx/CVE-2018-17997.json @@ -1,18 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17997", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LayerBB 1.1.1 allows XSS via the titles of conversations (PMs)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46079", + "url": "https://www.exploit-db.com/exploits/46079/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/AndyRixon/LayerBB/commits/master", + "url": "https://github.com/AndyRixon/LayerBB/commits/master" + } + ] + } +} \ No newline at end of file 
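Review bot: The CONFIRM reference added for CVE-2018-17997, `https://github.com/AndyRixon/LayerBB/commits/master`, points at a branch history listing rather than a fixed commit or release, so it will not keep identifying the fix as the branch moves. A pinned link of the form `https://github.com/AndyRixon/LayerBB/commit/<fix-commit-id>` (placeholder, the id is not on this page) would stay verifiable. The record also goes PUBLIC with `product_name`, `vendor_name` and `version_value` all set to `"n/a"` while the description names LayerBB 1.1.1, which leaves nothing structured for version matching. `"product_name": "LayerBB"` with `"version_value": "1.1.1"` would mirror what the description already states.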
diff --git a/2018/19xxx/CVE-2018-19008.json b/2018/19xxx/CVE-2018-19008.json index da3a09394b7..8d6242c29ca 100644 --- a/2018/19xxx/CVE-2018-19008.json +++ b/2018/19xxx/CVE-2018-19008.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-01-17T00:00:00", - "ID" : "CVE-2018-19008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ABB CP400 Panel Builder TextEditor 2.0", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 2.0.7.05 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER INPUT VALIDATION CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-01-17T00:00:00", + "ID": "CVE-2018-19008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ABB CP400 Panel Builder TextEditor 2.0", + "version": { + "version_data": [ + { + "version_value": "Versions 2.0.7.05 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-02" - }, - { - "name" : "106658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106658" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19094.json b/2018/19xxx/CVE-2018-19094.json index 81317006ddc..8a4e8aa109c 100644 --- a/2018/19xxx/CVE-2018-19094.json +++ b/2018/19xxx/CVE-2018-19094.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19094", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19094", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19381.json b/2018/19xxx/CVE-2018-19381.json index 0d3786028a3..3eecc0d2494 100644 --- a/2018/19xxx/CVE-2018-19381.json +++ b/2018/19xxx/CVE-2018-19381.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19381", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19381", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19621.json b/2018/19xxx/CVE-2018-19621.json index 5b42752366c..5ebc2c0c244 100644 --- a/2018/19xxx/CVE-2018-19621.json +++ b/2018/19xxx/CVE-2018-19621.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf", - "refsource" : "MISC", - "url" : "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf", + "refsource": "MISC", + "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19649.json b/2018/19xxx/CVE-2018-19649.json index 28793f9ed62..afd60e69203 100644 --- a/2018/19xxx/CVE-2018-19649.json +++ b/2018/19xxx/CVE-2018-19649.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/20" - }, - { - "name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). 
VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" + }, + { + "name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/20" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19717.json b/2018/19xxx/CVE-2018-19717.json index 79af3ae549b..85355e34af5 100644 --- a/2018/19xxx/CVE-2018-19717.json +++ b/2018/19xxx/CVE-2018-19717.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-19717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-19717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1346.json b/2018/1xxx/CVE-2018-1346.json index 69e76706b54..b3cd4b032ce 100644 --- a/2018/1xxx/CVE-2018-1346.json +++ b/2018/1xxx/CVE-2018-1346.json 
@@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2018-1346", - "STATE" : "PUBLIC", - "TITLE" : "NetIQ eDirectory Denial of Service" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eDirectory", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "prior to (9.1)", - "version_value" : "9.1" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Addresses denial of service attack to eDirectory versions prior to 9.1." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 3.1, - "baseSeverity" : "LOW", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2018-1346", + "STATE": "PUBLIC", + "TITLE": "NetIQ eDirectory Denial of Service" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eDirectory", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "prior to (9.1)", + "version_value": "9.1" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html", - "refsource" : "CONFIRM", - "url" : 
"https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html" - }, - { - "name" : "103493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103493" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Upgrade to eDiectory 9.1" - } - ], - "source" : { - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Addresses denial of service attack to eDirectory versions prior to 9.1." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html" + }, + { + "name": "103493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103493" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to eDiectory 9.1" + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4331.json b/2018/4xxx/CVE-2018-4331.json index 9eb9879d2c5..7014850dd78 100644 --- a/2018/4xxx/CVE-2018-4331.json +++ b/2018/4xxx/CVE-2018-4331.json 
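Review bot: `ASSIGNER` in the CVE-2018-1346 hunk changes from `security@microfocus.com` to `security@suse.com` in a commit described only as a data synchronisation, while `vendor_name` stays `NetIQ` and the only vendor reference is on netiq.com. Anything that attributes records to a CNA through this field will now file the entry under a different organisation. If the reassignment is intended it deserves a line in the commit description; otherwise the previous value should stay. The `solution` text carried over unchanged still reads `Upgrade to eDiectory 9.1`, where `Upgrade to eDirectory 9.1` is presumably meant.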
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4331", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4331", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4578.json b/2018/4xxx/CVE-2018-4578.json index 762dfe16297..ac8e5ce808c 100644 --- a/2018/4xxx/CVE-2018-4578.json +++ b/2018/4xxx/CVE-2018-4578.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4578", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4578", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4711.json b/2018/4xxx/CVE-2018-4711.json index 56eab94955a..1067e812f37 100644 --- a/2018/4xxx/CVE-2018-4711.json +++ b/2018/4xxx/CVE-2018-4711.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4711",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4711",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4787.json b/2018/4xxx/CVE-2018-4787.json
index faf4e3e2063..d481bd93421 100644
--- a/2018/4xxx/CVE-2018-4787.json
+++ b/2018/4xxx/CVE-2018-4787.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4787",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4787",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4847.json b/2018/4xxx/CVE-2018-4847.json
index 5ed25f419ea..4eb01d664ba 100644
--- a/2018/4xxx/CVE-2018-4847.json
+++ b/2018/4xxx/CVE-2018-4847.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "productcert@siemens.com",
- "DATE_PUBLIC" : "2018-04-18T00:00:00",
- "ID" : "CVE-2018-4847",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "SIMATIC WinCC OA Operator iOS App",
- "version" : {
- "version_data" : [
- {
- "version_value" : "All versions < V1.4"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Siemens AG"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-538: File and Directory Information Exposure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "DATE_PUBLIC": "2018-04-18T00:00:00",
+ "ID": "CVE-2018-4847",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SIMATIC WinCC OA Operator iOS App",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V1.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Siemens AG"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf",
- "refsource" : "CONFIRM",
- "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf"
- },
- {
- "name" : "103941",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103941"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-538: File and Directory Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "103941",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103941"
+ },
+ {
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf",
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file