From b1c93576cd1a0f0c494a9b33a4a584f49f49f1a1 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 03:46:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/1xxx/CVE-2004-1205.json | 130 ++++---- 2008/0xxx/CVE-2008-0016.json | 520 ++++++++++++++--------------- 2008/0xxx/CVE-2008-0281.json | 160 ++++----- 2008/0xxx/CVE-2008-0360.json | 160 ++++----- 2008/0xxx/CVE-2008-0380.json | 150 ++++----- 2008/0xxx/CVE-2008-0984.json | 240 ++++++------- 2008/3xxx/CVE-2008-3255.json | 160 ++++----- 2008/3xxx/CVE-2008-3331.json | 210 ++++++------ 2008/3xxx/CVE-2008-3883.json | 190 +++++------ 2008/3xxx/CVE-2008-3914.json | 370 ++++++++++---------- 2008/4xxx/CVE-2008-4201.json | 230 ++++++------- 2008/4xxx/CVE-2008-4389.json | 170 +++++----- 2008/4xxx/CVE-2008-4980.json | 170 +++++----- 2013/2xxx/CVE-2013-2410.json | 130 ++++---- 2013/2xxx/CVE-2013-2470.json | 430 ++++++++++++------------ 2013/2xxx/CVE-2013-2767.json | 130 ++++---- 2013/2xxx/CVE-2013-2921.json | 190 +++++------ 2013/2xxx/CVE-2013-2948.json | 34 +- 2013/3xxx/CVE-2013-3599.json | 120 +++---- 2013/3xxx/CVE-2013-3788.json | 170 +++++----- 2013/3xxx/CVE-2013-3814.json | 120 +++---- 2013/6xxx/CVE-2013-6057.json | 34 +- 2013/6xxx/CVE-2013-6330.json | 140 ++++---- 2013/7xxx/CVE-2013-7083.json | 34 +- 2013/7xxx/CVE-2013-7115.json | 34 +- 2017/10xxx/CVE-2017-10036.json | 150 ++++----- 2017/10xxx/CVE-2017-10343.json | 140 ++++---- 2017/14xxx/CVE-2017-14171.json | 150 ++++----- 2017/14xxx/CVE-2017-14382.json | 34 +- 2017/14xxx/CVE-2017-14597.json | 120 +++---- 2017/15xxx/CVE-2017-15565.json | 140 ++++---- 2017/17xxx/CVE-2017-17278.json | 34 +- 2017/17xxx/CVE-2017-17845.json | 160 ++++----- 2017/17xxx/CVE-2017-17951.json | 120 +++---- 2017/9xxx/CVE-2017-9140.json | 140 ++++---- 2017/9xxx/CVE-2017-9274.json | 218 ++++++------ 2017/9xxx/CVE-2017-9580.json | 120 +++---- 2018/0xxx/CVE-2018-0217.json | 140 ++++---- 2018/0xxx/CVE-2018-0658.json | 120 +++---- 2018/0xxx/CVE-2018-0816.json | 142 ++++---- 2018/1000xxx/CVE-2018-1000129.json | 154 ++++----- 2018/1000xxx/CVE-2018-1000625.json | 
126 +++---- 2018/1000xxx/CVE-2018-1000843.json | 146 ++++---- 2018/19xxx/CVE-2018-19378.json | 34 +- 2018/19xxx/CVE-2018-19399.json | 34 +- 2018/19xxx/CVE-2018-19449.json | 34 +- 2018/19xxx/CVE-2018-19515.json | 83 ++++- 2018/1xxx/CVE-2018-1784.json | 188 +++++------ 2018/4xxx/CVE-2018-4707.json | 34 +- 49 files changed, 3618 insertions(+), 3569 deletions(-) diff --git a/2004/1xxx/CVE-2004-1205.json b/2004/1xxx/CVE-2004-1205.json index 83d68a8bd17..2420f839221 100644 --- a/2004/1xxx/CVE-2004-1205.json +++ b/2004/1xxx/CVE-2004-1205.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041126 PnTresMailer code browser 6.03 Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110149886306037&w=2" - }, - { - "name" : "pntresmailer-information-disclosure(18263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041126 PnTresMailer code browser 6.03 Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110149886306037&w=2" + }, + { + "name": "pntresmailer-information-disclosure(18263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18263" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0016.json b/2008/0xxx/CVE-2008-0016.json index 96c044d1ea7..89c288afe53 100644 --- a/2008/0xxx/CVE-2008-0016.json +++ b/2008/0xxx/CVE-2008-0016.json 
@@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-37.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-37.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=443288", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=443288" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=451617", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=451617" - }, - { - "name" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~" - }, - { - "name" : "DSA-1669", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1669" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "DSA-1696", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1696" - }, - { - "name" : "DSA-1649", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1649" - }, - { - "name" : "FEDORA-2008-8401", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html" - }, - { - "name" : "FEDORA-2008-8429", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html" - }, - { - "name" : "MDVSA-2008:205", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205" - }, - { - "name" : "MDVSA-2008:206", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206" - }, - { - "name" : "RHSA-2008:0908", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0908.html" - }, - { - "name" : "RHSA-2008:0882", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0882.html" - }, - { - "name" : "SSA:2008-269-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232" - }, - { - "name" : "SSA:2008-269-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422" - }, - { - "name" : "SSA:2008-270-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : 
"SUSE-SA:2008:050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html" - }, - { - "name" : "USN-645-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-645-1" - }, - { - "name" : "USN-645-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-645-2" - }, - { - "name" : "31397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31397" - }, - { - "name" : "oval:org.mitre.oval:def:11579", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11579" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "32185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32185" - }, - { - "name" : "32196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32196" - }, - { - "name" : "ADV-2008-2661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2661" - }, - { - "name" : "1020913", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020913" - }, - { - "name" : "32042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32042" - }, - { - "name" : "32092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32092" - }, - { - "name" : "32144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32144" - }, - { - "name" : "32044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32044" - }, - { - "name" : "32082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32082" - }, - { - "name" : "32845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32845" - }, - { - "name" : "31984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31984" - }, - { - "name" : "31985", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/31985" - }, - { - "name" : "32010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32010" - }, - { - "name" : "32012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32012" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "33434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33434" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2008-269-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "1020913", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020913" + }, + { + "name": "FEDORA-2008-8401", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html" + }, + { + "name": "USN-645-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-645-1" + }, + { + "name": "MDVSA-2008:206", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206" + }, + { + "name": "32144", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/32144" + }, + { + "name": "32010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32010" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "USN-645-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-645-2" + }, + { + "name": "31985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31985" + }, + { + "name": "SUSE-SA:2008:050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=443288", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=443288" + }, + { + "name": "31984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31984" + }, + { + "name": "32185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32185" + }, + { + "name": "32196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32196" + }, + { + "name": "DSA-1669", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1669" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=451617", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=451617" + }, + { + "name": "31397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31397" + }, + { + "name": "32042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32042" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "ADV-2008-2661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2661" + }, + { + "name": "SSA:2008-269-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422" + }, + { + "name": "256408", + "refsource": 
"SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "32092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32092" + }, + { + "name": "MDVSA-2008:205", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205" + }, + { + "name": "DSA-1696", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1696" + }, + { + "name": "http://download.novell.com/Download?buildid=WZXONb-tqBw~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=WZXONb-tqBw~" + }, + { + "name": "FEDORA-2008-8429", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html" + }, + { + "name": "RHSA-2008:0882", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0882.html" + }, + { + "name": "32845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32845" + }, + { + "name": "DSA-1649", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1649" + }, + { + "name": "oval:org.mitre.oval:def:11579", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11579" + }, + { + "name": "32012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32012" + }, + { + "name": "33434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33434" + }, + { + "name": "SSA:2008-270-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123" + }, + { + "name": "32044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32044" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-37.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-37.html" + }, + { + "name": "RHSA-2008:0908", + 
"refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0908.html" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + }, + { + "name": "32082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32082" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0281.json b/2008/0xxx/CVE-2008-0281.json index 83de3685985..9ab32fc3ce1 100644 --- a/2008/0xxx/CVE-2008-0281.json +++ b/2008/0xxx/CVE-2008-0281.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080110 (( PoC)) ID-Commerce Security Advisory - SLR-2007-001 (( PoC))", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059537.html" - }, - { - "name" : "20080110 ID-Commerce Security Advisory - SLR-2007-001", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059533.html" - }, - { - "name" : "20080110 ID-Commerce Security Advisory - SLR-2007-001", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059538.html" - }, - { - "name" : "27220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27220" - }, - { - "name" : "idcommerce-liste-sql-injection(39594)", - "refsource" : "XF", - "url" 
: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "idcommerce-liste-sql-injection(39594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39594" + }, + { + "name": "20080110 ID-Commerce Security Advisory - SLR-2007-001", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059533.html" + }, + { + "name": "20080110 ID-Commerce Security Advisory - SLR-2007-001", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059538.html" + }, + { + "name": "20080110 (( PoC)) ID-Commerce Security Advisory - SLR-2007-001 (( PoC))", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059537.html" + }, + { + "name": "27220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27220" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0360.json b/2008/0xxx/CVE-2008-0360.json index 123ff666b9e..12ad88791c8 100644 --- a/2008/0xxx/CVE-2008-0360.json +++ b/2008/0xxx/CVE-2008-0360.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080116 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=120049816924383&w=2" - }, - { - "name" : "4919", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4919" - }, - { - "name" : "http://blogcms.com/wiki/changelog", - "refsource" : "CONFIRM", - "url" : "http://blogcms.com/wiki/changelog" - }, - { - "name" : "27317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27317" - }, - { - "name" : "28523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28523" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27317" + }, + { + "name": "4919", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4919" + }, + { + "name": "http://blogcms.com/wiki/changelog", + "refsource": "CONFIRM", + "url": "http://blogcms.com/wiki/changelog" + }, + { + "name": "28523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28523" + }, + { + "name": "20080116 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=120049816924383&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0380.json b/2008/0xxx/CVE-2008-0380.json index f683df3d9cd..00abce8166d 100644 --- a/2008/0xxx/CVE-2008-0380.json +++ b/2008/0xxx/CVE-2008-0380.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4932", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4932" - }, - { - "name" : "27337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27337" - }, - { - "name" : "ADV-2008-0182", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0182" - }, - { - "name" : "28492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to 
execute arbitrary code via a long MP4Prefix property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28492" + }, + { + "name": "27337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27337" + }, + { + "name": "ADV-2008-0182", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0182" + }, + { + "name": "4932", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4932" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0984.json b/2008/0xxx/CVE-2008-0984.json index 39de954b410..39dd203056c 100644 --- a/2008/0xxx/CVE-2008-0984.json +++ b/2008/0xxx/CVE-2008-0984.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080227 CORE-2008-0130: VLC media player chunk context validation error", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488841/100/0/threaded" - }, - { - "name" : "20080227 CORE-2008-0130: VLC media player chunk context validation error", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=2147", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2147" - }, - { - "name" : "http://www.videolan.org/security/sa0802.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/security/sa0802.html" - }, - { - "name" 
: "DSA-1543", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1543" - }, - { - "name" : "GLSA-200803-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" - }, - { - "name" : "28007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28007" - }, - { - "name" : "ADV-2008-0682", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0682" - }, - { - "name" : "1019510", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019510" - }, - { - "name" : "29122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29122" - }, - { - "name" : "29153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29153" - }, - { - "name" : "29284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29284" - }, - { - "name" : "29766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29122" + }, + { + "name": "29284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29284" + }, + { + "name": "DSA-1543", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1543" + }, + { + "name": "29153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29153" + }, + { + "name": "http://www.videolan.org/security/sa0802.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/security/sa0802.html" + }, + { + "name": "28007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28007" + }, + { + "name": "1019510", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019510" + }, + { + "name": "20080227 CORE-2008-0130: VLC media player chunk context validation error", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html" + }, + { + "name": "20080227 CORE-2008-0130: VLC media player chunk context validation error", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488841/100/0/threaded" + }, + { + "name": "29766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29766" + }, + { + "name": "ADV-2008-0682", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0682" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2147", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2147" + }, + { + "name": "GLSA-200803-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/3xxx/CVE-2008-3255.json b/2008/3xxx/CVE-2008-3255.json
index 79b16ce3c69..10fa4bf806f 100644
--- a/2008/3xxx/CVE-2008-3255.json
+++ b/2008/3xxx/CVE-2008-3255.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ln-lab.net/lunar-night.lab/page-dl_webproxy/design-whiteecuni", - "refsource" : "CONFIRM", - "url" : "http://www.ln-lab.net/lunar-night.lab/page-dl_webproxy/design-whiteecuni" - }, - { - "name" : "JVN#49704543", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN49704543/index.html" - }, - { - "name" : "30283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30283" - }, - { - "name" : "31042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31042" - }, - { - "name" : "lunarnight-webproxy-unspecified-xss(43879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30283" + }, + { + "name": "JVN#49704543", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN49704543/index.html" + }, + { + "name": "31042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31042" + }, + { + "name": "lunarnight-webproxy-unspecified-xss(43879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43879" + }, + { + "name": "http://www.ln-lab.net/lunar-night.lab/page-dl_webproxy/design-whiteecuni", + "refsource": "CONFIRM", + "url": "http://www.ln-lab.net/lunar-night.lab/page-dl_webproxy/design-whiteecuni" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3331.json b/2008/3xxx/CVE-2008-3331.json index 4b5dace2c06..b2f5cb2c886 100644 --- a/2008/3xxx/CVE-2008-3331.json +++ b/2008/3xxx/CVE-2008-3331.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121130774617956&w=4" - }, - { - "name" : "5657", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5657" - }, - { - "name" : "http://www.mantisbt.org/bugs/changelog_page.php", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/changelog_page.php" - }, - { - "name" : "GLSA-200809-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" - }, - { - "name" : "29297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29297" - }, - { - "name" : "30270", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/30270" - }, - { - "name" : "31972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31972" - }, - { - "name" : "4044", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4044" - }, - { - "name" : "ADV-2008-1598", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1598/references" - }, - { - "name" : "mantis-returndynamicfilters-xss(42549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mantis-returndynamicfilters-xss(42549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549" + }, + { + "name": "http://www.mantisbt.org/bugs/changelog_page.php", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/changelog_page.php" + }, + { + "name": "30270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30270" + }, + { + "name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121130774617956&w=4" + }, + { + "name": "GLSA-200809-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" + }, + { + "name": "5657", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5657" + }, + { + "name": "31972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31972" + 
}, + { + "name": "ADV-2008-1598", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1598/references" + }, + { + "name": "29297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29297" + }, + { + "name": "4044", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4044" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3883.json b/2008/3xxx/CVE-2008-3883.json index 67aa92d8bd2..d0035d38be3 100644 --- a/2008/3xxx/CVE-2008-3883.json +++ b/2008/3xxx/CVE-2008-3883.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496404", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496404" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/caudium", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/caudium" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : 
"https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "30897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30897" - }, - { - "name" : "31656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31656" - }, - { - "name" : "caudium-configvar-symlink(44768)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "caudium-configvar-symlink(44768)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44768" + }, + { + "name": "30897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30897" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496404", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496404" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/caudium", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/caudium" + }, + { + "name": "31656", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/31656" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3914.json b/2008/3xxx/CVE-2008-3914.json index ff4867a0456..0b0e0381710 100644 --- a/2008/3xxx/CVE-2008-3914.json +++ b/2008/3xxx/CVE-2008-3914.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the \"error path\" in (1) libclamav/others.c and (2) libclamav/sis.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080903 request for CVE: clamav 0.94 release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/03/2" - }, - { - "name" : "[oss-security] 20080904 Re: request for CVE: clamav 0.94 release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/04/13" - }, - { - "name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141", - "refsource" : "MISC", - "url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661" 
- }, - { - "name" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog" - }, - { - "name" : "http://kolab.org/security/kolab-vendor-notice-22.txt", - "refsource" : "CONFIRM", - "url" : "http://kolab.org/security/kolab-vendor-notice-22.txt" - }, - { - "name" : "http://support.apple.com/kb/HT3216", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3216" - }, - { - "name" : "APPLE-SA-2008-10-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" - }, - { - "name" : "DSA-1660", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1660" - }, - { - "name" : "FEDORA-2008-9644", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html" - }, - { - "name" : "FEDORA-2008-9651", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html" - }, - { - "name" : "GLSA-200809-18", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200809-18.xml" - }, - { - "name" : "MDVSA-2008:189", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189" - }, - { - "name" : "SUSE-SR:2008:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" - }, - { - "name" : "31051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31051" - }, - { - "name" : "31681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31681" - }, - { - "name" : "32424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32424" - }, - { - "name" : "ADV-2008-2564", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2564" - }, - { - "name" : "ADV-2008-2780", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/2780" - }, - { - "name" : "1020828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020828" - }, - { - "name" : "32030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32030" - }, - { - "name" : "31906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31906" - }, - { - "name" : "32222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32222" - }, - { - "name" : "32699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32699" - }, - { - "name" : "31982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31982" - }, - { - "name" : "clamav-multiple-unspecified(45058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the \"error path\" in (1) libclamav/others.c and (2) libclamav/sis.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32030" + }, + { + "name": "31051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31051" + }, + { + "name": "31982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31982" + }, + { + "name": "31681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31681" + }, + { + "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141", + "refsource": "MISC", + "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141" + }, + { + "name": "[oss-security] 20080904 Re: request for CVE: clamav 0.94 release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/04/13" + }, + { + "name": "SUSE-SR:2008:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661" + }, + { + "name": "MDVSA-2008:189", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189" + }, + { + "name": "[oss-security] 20080903 request for CVE: clamav 0.94 release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/03/2" + }, + { + "name": "FEDORA-2008-9651", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html" + }, + { + "name": "32222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32222" + }, + { + "name": "GLSA-200809-18", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200809-18.xml" + }, + { + "name": 
"http://kolab.org/security/kolab-vendor-notice-22.txt", + "refsource": "CONFIRM", + "url": "http://kolab.org/security/kolab-vendor-notice-22.txt" + }, + { + "name": "1020828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020828" + }, + { + "name": "DSA-1660", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1660" + }, + { + "name": "32424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32424" + }, + { + "name": "ADV-2008-2780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2780" + }, + { + "name": "ADV-2008-2564", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2564" + }, + { + "name": "32699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32699" + }, + { + "name": "APPLE-SA-2008-10-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3216", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3216" + }, + { + "name": "31906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31906" + }, + { + "name": "FEDORA-2008-9644", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html" + }, + { + "name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog", + "refsource": "CONFIRM", + "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog" + }, + { + "name": "clamav-multiple-unspecified(45058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45058" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4201.json b/2008/4xxx/CVE-2008-4201.json index 065f8444aed..82e6ddca740 100644 --- a/2008/4xxx/CVE-2008-4201.json +++ b/2008/4xxx/CVE-2008-4201.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/attachment.cgi?id=166174&action=view", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/attachment.cgi?id=166174&action=view" - }, - { - "name" : "[oss-security] 20080924 Re: CVE id request: fraud2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/24/6" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=238445", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=238445" - }, - { - "name" : 
"http://www.audiocoding.com/archive.html", - "refsource" : "CONFIRM", - "url" : "http://www.audiocoding.com/archive.html" - }, - { - "name" : "http://www.audiocoding.com/patch/main_overflow.diff", - "refsource" : "CONFIRM", - "url" : "http://www.audiocoding.com/patch/main_overflow.diff" - }, - { - "name" : "GLSA-200811-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-03.xml" - }, - { - "name" : "31219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31219" - }, - { - "name" : "48349", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48349" - }, - { - "name" : "32661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32661" - }, - { - "name" : "32006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32006" - }, - { - "name" : "ADV-2008-2601", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200811-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-03.xml" + }, + { + "name": "[oss-security] 20080924 Re: CVE id request: fraud2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/24/6" + }, + { + "name": "ADV-2008-2601", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2601" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899" + }, + { + "name": "32006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32006" + }, + { + "name": "http://www.audiocoding.com/patch/main_overflow.diff", + "refsource": "CONFIRM", + "url": "http://www.audiocoding.com/patch/main_overflow.diff" + }, + { + "name": "31219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31219" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=238445", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=238445" + }, + { + "name": "http://www.audiocoding.com/archive.html", + "refsource": "CONFIRM", + "url": "http://www.audiocoding.com/archive.html" + }, + { + "name": "http://bugs.gentoo.org/attachment.cgi?id=166174&action=view", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/attachment.cgi?id=166174&action=view" + }, + { + "name": "32661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32661" + }, + { + "name": "48349", + "refsource": "OSVDB", + "url": "http://osvdb.org/48349" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4389.json b/2008/4xxx/CVE-2008-4389.json index c76db7866eb..d7980fd23ca 100644 --- a/2008/4xxx/CVE-2008-4389.json +++ b/2008/4xxx/CVE-2008-4389.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2008-4389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00" - }, - { - "name" : "VU#221257", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/221257" - }, - { - "name" : "40611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40611" - }, - { - "name" : "40233", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/40233" - }, - { - "name" : "ADV-2010-1511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1511" - }, - { - "name" : "symantec-appstream-download-ce(59504)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40611" + }, + { + "name": "ADV-2010-1511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1511" + }, + { + "name": "VU#221257", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/221257" + }, + { + "name": "40233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40233" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00" + }, + { + "name": "symantec-appstream-download-ce(59504)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/4xxx/CVE-2008-4980.json b/2008/4xxx/CVE-2008-4980.json index 2c3904610a7..cd479872f26 100644 --- a/2008/4xxx/CVE-2008-4980.json +++ b/2008/4xxx/CVE-2008-4980.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://bugs.debian.org/496364", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/496364" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/rccp", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/rccp" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "30955", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/rccp", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/rccp" + }, + { + "name": "http://bugs.debian.org/496364", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/496364" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "30955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30955" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2410.json b/2013/2xxx/CVE-2013-2410.json index b46591d5ce3..83a5c16ce81 100644 --- a/2013/2xxx/CVE-2013-2410.json +++ b/2013/2xxx/CVE-2013-2410.json 
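Review bot: The `reference_data` array for CVE-2008-4980 comes back with the same six entries in a different order and no visible sort key (the old list starts with the MLIST entry, the new one with `http://dev.gentoo.org/~rbu/security/debiantemp/rccp`), so a reader cannot tell from the diff whether a reference was added or dropped without comparing the two sets by hand. Emitting the entries in a stable order, for example sorted by `refsource` and then `name`, would keep later syncs down to the lines that really change. The same reshuffle appears in the CVE-2013-2470, CVE-2013-2921 and CVE-2013-3788 hunks. The new side also ends with `\ No newline at end of file`, where the old side ended with a newline after the closing `}`; keeping that newline would avoid a spurious last-line change on every file.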
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to 
Absence Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2470.json b/2013/2xxx/CVE-2013-2470.json index 00421aaa3eb..5f0cc02db37 100644 --- a/2013/2xxx/CVE-2013-2470.json +++ b/2013/2xxx/CVE-2013-2470.json 
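Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert_us@oracle.com` for CVE-2013-2410, and it is the only value change in a hunk that otherwise rewrites every line for spacing and indentation. Any consumer that attributes or filters records by assigner would see this record change owner, so the commit description should say so, or the value change should land separately from the reformatting. The same kind of change is visible for CVE-2013-2470, CVE-2013-3788 and CVE-2013-3814 (`secalert_us@oracle.com`), CVE-2013-2921 (`security@google.com`) and CVE-2013-3599 (`cert@cert.org`); the CVE-2013-3814 hunk runs past the end of this view.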
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"ImagingLib byte lookup processing.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/89d9ec9e80c1", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/89d9ec9e80c1" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975099", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975099" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2013-0185.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2013-0185.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02922", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "SSRT101305", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "MDVSA-2013:183", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1081", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1081.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1293", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "SUSE-SU-2013:1263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" - }, - { - "name" : "SUSE-SU-2013:1264", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60651" - }, - { - "name" : "oval:org.mitre.oval:def:16806", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16806" - }, - { - "name" : "oval:org.mitre.oval:def:19348", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19348" - }, - { - "name" : "oval:org.mitre.oval:def:19517", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19517" - }, - { - "name" : "oval:org.mitre.oval:def:19655", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19655" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"ImagingLib byte lookup processing.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:19348", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19348" + }, + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "SUSE-SU-2013:1264", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "SUSE-SU-2013:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT101305", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "HPSBUX02922", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "oval:org.mitre.oval:def:19655", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19655" + }, + { + "name": "SUSE-SU-2013:1263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/89d9ec9e80c1", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/89d9ec9e80c1" + }, + { + "name": "oval:org.mitre.oval:def:19517", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19517" + }, + { + "name": "SUSE-SU-2013:1293", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" + }, + { + "name": "60651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60651" + }, + { + "name": "RHSA-2013:1081", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "http://advisories.mageia.org/MGASA-2013-0185.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2013-0185.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975099", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975099" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "MDVSA-2013:183", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:16806", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16806" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/2xxx/CVE-2013-2767.json b/2013/2xxx/CVE-2013-2767.json index 0626a126b9c..7099ced8cfb 100644 --- a/2013/2xxx/CVE-2013-2767.json +++ b/2013/2xxx/CVE-2013-2767.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/ctx137238", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/ctx137238" - }, - { - "name" : "VU#521612", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/521612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended 
intranet access restrictions via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.citrix.com/article/ctx137238", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/ctx137238" + }, + { + "name": "VU#521612", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/521612" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2921.json b/2013/2xxx/CVE-2013-2921.json index e94771a3166..b4c1722edd6 100644 --- a/2013/2xxx/CVE-2013-2921.json +++ b/2013/2xxx/CVE-2013-2921.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=286414", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=286414" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=157760&view=revision", - "refsource" : "CONFIRM", - "url" : 
"https://src.chromium.org/viewvc/blink?revision=157760&view=revision" - }, - { - "name" : "DSA-2785", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2785" - }, - { - "name" : "openSUSE-SU-2013:1556", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2013:1861", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:18389", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:18389", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18389" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "DSA-2785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2785" + }, + { + "name": "openSUSE-SU-2013:1556", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=157760&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=157760&view=revision" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=286414", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=286414" + }, + { + "name": "openSUSE-SU-2013:1861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2948.json b/2013/2xxx/CVE-2013-2948.json index 9f0f78ac1bf..899b939ddcb 100644 --- a/2013/2xxx/CVE-2013-2948.json +++ b/2013/2xxx/CVE-2013-2948.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2948", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2948", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3599.json b/2013/3xxx/CVE-2013-3599.json index 62acf1fd2ce..f7ba5ff3150 100644 --- a/2013/3xxx/CVE-2013-3599.json +++ b/2013/3xxx/CVE-2013-3599.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#960908", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/960908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#960908", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/960908" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/3xxx/CVE-2013-3788.json b/2013/3xxx/CVE-2013-3788.json index b490f0430c2..a22dd8092c8 100644 --- a/2013/3xxx/CVE-2013-3788.json +++ b/2013/3xxx/CVE-2013-3788.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Supplier Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "61278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61278" - }, - { - "name" : "95284", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95284" - }, - { - "name" : "1028799", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028799" - }, - { - "name" : "54222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54222" - }, - { - "name" : "oracle-cpujuly2013-cve20133788(85671)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Supplier Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-cpujuly2013-cve20133788(85671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85671" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "95284", + "refsource": "OSVDB", + "url": "http://osvdb.org/95284" + }, + { + "name": "1028799", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028799" + }, + { + "name": "61278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61278" + }, + { + "name": "54222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54222" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3814.json b/2013/3xxx/CVE-2013-3814.json index 9da78976e98..8dbd1101cfc 100644 --- a/2013/3xxx/CVE-2013-3814.json +++ b/2013/3xxx/CVE-2013-3814.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Retail Invoice Matching component in Oracle Industry Applications 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to System Administration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Retail Invoice Matching component in Oracle Industry Applications 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to System 
Administration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6057.json b/2013/6xxx/CVE-2013-6057.json index 701def333f9..98d2ab67cf8 100644 --- a/2013/6xxx/CVE-2013-6057.json +++ b/2013/6xxx/CVE-2013-6057.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6057", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6057", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6330.json b/2013/6xxx/CVE-2013-6330.json index e53e2d0a7ce..e026721b2ad 100644 --- a/2013/6xxx/CVE-2013-6330.json +++ b/2013/6xxx/CVE-2013-6330.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21661323", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21661323" - }, - { - "name" : "PM98624", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM98624" - }, - { - "name" : "ibm-was-cve20136330-infodisc(88905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows 
remote authenticated users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21661323", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21661323" + }, + { + "name": "PM98624", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM98624" + }, + { + "name": "ibm-was-cve20136330-infodisc(88905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88905" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7083.json b/2013/7xxx/CVE-2013-7083.json index 32a9d1beec6..e2422fdf917 100644 --- a/2013/7xxx/CVE-2013-7083.json +++ b/2013/7xxx/CVE-2013-7083.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7083", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7083", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2013/7xxx/CVE-2013-7115.json b/2013/7xxx/CVE-2013-7115.json index 83f7c41b3d9..fdece66a5be 100644 --- a/2013/7xxx/CVE-2013-7115.json +++ b/2013/7xxx/CVE-2013-7115.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7115", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-7115", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10036.json b/2017/10xxx/CVE-2017-10036.json index 764e35805be..a88233f7da4 100644 --- a/2017/10xxx/CVE-2017-10036.json +++ b/2017/10xxx/CVE-2017-10036.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10" - }, - { - "version_affected" : "=", - "version_value" : "11" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10" + }, + { + "version_affected": "=", + "version_value": "11" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99840" - }, - { - "name" : "1038938", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to compromise Solaris. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99840" + }, + { + "name": "1038938", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038938" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10343.json b/2017/10xxx/CVE-2017-10343.json index f976a9e40be..d2fcf22dd11 100644 --- a/2017/10xxx/CVE-2017-10343.json +++ b/2017/10xxx/CVE-2017-10343.json 
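Review bot: The `reference_data` array comes out in a different order on the new side (CONFIRM, BID, SECTRACK becomes BID, SECTRACK, CONFIRM) although no reference is added or removed. The CVE-2013-3788, CVE-2017-14171, CVE-2017-15565 and CVE-2017-17845 hunks do the same. Array order is part of the JSON value, so tooling that hashes or diffs records to detect updated advisories will flag these as changed; emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep later syncs free of this churn. The new side also ends with `\ No newline at end of file` where the old side had a trailing newline, and keeping the final newline avoids one more whole-file difference.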
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Simphony", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.8" - }, - { - "version_affected" : "=", - "version_value" : "2.9" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Simphony", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.8" + }, + { + "version_affected": "=", + "version_value": "2.9" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101409" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14171.json b/2017/14xxx/CVE-2017-14171.json index 610cb9fe90a..003eba345c3 100644 --- a/2017/14xxx/CVE-2017-14171.json +++ b/2017/14xxx/CVE-2017-14171.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large \"table_entries_used\" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7" - }, - { - "name" : "DSA-3996", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2017/dsa-3996" - }, - { - "name" : "100706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large \"table_entries_used\" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7" + }, + { + "name": "100706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100706" + }, + { + "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" + }, + { + "name": "DSA-3996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3996" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14382.json b/2017/14xxx/CVE-2017-14382.json index 022b90605e3..cf12b68bfdb 100644 --- a/2017/14xxx/CVE-2017-14382.json +++ b/2017/14xxx/CVE-2017-14382.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14382", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14382", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14597.json b/2017/14xxx/CVE-2017-14597.json index bee7d50554a..7c2b5e0918f 100644 --- a/2017/14xxx/CVE-2017-14597.json +++ b/2017/14xxx/CVE-2017-14597.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://auroramail.wordpress.com/2017/08/28/vulnerability-in-webmailaurora-closed/", - "refsource" : "CONFIRM", - "url" : "https://auroramail.wordpress.com/2017/08/28/vulnerability-in-webmailaurora-closed/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://auroramail.wordpress.com/2017/08/28/vulnerability-in-webmailaurora-closed/", + "refsource": "CONFIRM", + "url": "https://auroramail.wordpress.com/2017/08/28/vulnerability-in-webmailaurora-closed/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15565.json b/2017/15xxx/CVE-2017-15565.json index 7d0c5e8a943..759d6ebd9c3 100644 --- a/2017/15xxx/CVE-2017-15565.json +++ b/2017/15xxx/CVE-2017-15565.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=103016", - "refsource" : "MISC", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=103016" - }, - { - "name" : "DSA-4079", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=103016", + "refsource": "MISC", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=103016" + }, + { + "name": "DSA-4079", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4079" + }, + { + "name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17278.json b/2017/17xxx/CVE-2017-17278.json index 6c55774bc51..760ebbd3e63 100644 --- a/2017/17xxx/CVE-2017-17278.json +++ b/2017/17xxx/CVE-2017-17278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17278", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17278", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17845.json b/2017/17xxx/CVE-2017-17845.json index 9de6746dd73..93674957ea3 100644 
--- a/2017/17xxx/CVE-2017-17845.json +++ b/2017/17xxx/CVE-2017-17845.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171223 [SECURITY] [DLA 1219-1] enigmail security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html" - }, - { - "name" : "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf", - "refsource" : "MISC", - "url" : "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf" - }, - { - "name" : "https://lists.debian.org/debian-security-announce/2017/msg00333.html", - "refsource" : "MISC", - "url" : "https://lists.debian.org/debian-security-announce/2017/msg00333.html" - }, - { - "name" : "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html", - "refsource" : "MISC", - "url" 
: "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html" - }, - { - "name" : "DSA-4070", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf", + "refsource": "MISC", + "url": "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf" + }, + { + "name": "https://lists.debian.org/debian-security-announce/2017/msg00333.html", + "refsource": "MISC", + "url": "https://lists.debian.org/debian-security-announce/2017/msg00333.html" + }, + { + "name": "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html", + "refsource": "MISC", + "url": "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html" + }, + { + "name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1219-1] enigmail security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html" + }, + { + "name": "DSA-4070", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4070" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17951.json b/2017/17xxx/CVE-2017-17951.json index ddc53707d65..af896a79a26 100644 --- a/2017/17xxx/CVE-2017-17951.json +++ b/2017/17xxx/CVE-2017-17951.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9140.json b/2017/9xxx/CVE-2017-9140.json index acb1c88ad1f..5f6c3b34771 100644 --- a/2017/9xxx/CVE-2017-9140.json +++ b/2017/9xxx/CVE-2017-9140.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module", - "refsource" : "MISC", - "url" : "https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module" - }, - { - "name" : "http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406)", - "refsource" : "CONFIRM", - "url" : "http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406)" - }, - { - "name" : 
"https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018", - "refsource" : "CONFIRM", - "url" : "https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406)", + "refsource": "CONFIRM", + "url": "http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406)" + }, + { + "name": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018", + "refsource": "CONFIRM", + "url": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018" + }, + { + "name": "https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module", + "refsource": "MISC", + "url": "https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9274.json b/2017/9xxx/CVE-2017-9274.json index 0bd3f7bf25a..999ac250560 100644 --- a/2017/9xxx/CVE-2017-9274.json 
+++ b/2017/9xxx/CVE-2017-9274.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.com", - "DATE_PUBLIC" : "2017-12-08T00:00:00.000Z", - "ID" : "CVE-2017-9274", - "STATE" : "PUBLIC", - "TITLE" : "osc executes spec code during \"osc commit\"" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-12-08T00:00:00.000Z", + "ID": "CVE-2017-9274", + "STATE": "PUBLIC", + "TITLE": "osc executes spec code during \"osc commit\"" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "obs-service-source_validator", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "0.7" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Christian Boltz of openSUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "obs-service-source_validator", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "0.7" - } - ] - } - } - ] - }, - "vendor_name" : "SUSE" + "lang": "eng", + "value": "A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs." } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Christian Boltz of openSUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 7.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Shell code injection due to insufficient escaping of RPM spec file macros." - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-78" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=938556", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=938556" - }, - { - "name" : "https://www.suse.com/de-de/security/cve/CVE-2017-9274/", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/de-de/security/cve/CVE-2017-9274/" - }, - { - "name" : "SUSE-SU-2017:3253", - "refsource" : "SUSE", - "url" : "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html" - } - ] - }, - "source" : { - "advisory" : "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html", - "defect" : [ - "https://bugzilla.suse.com/show_bug.cgi?id=938556" - ], - "discovery" : "UNKNOWN" - } -} + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Shell code 
injection due to insufficient escaping of RPM spec file macros." + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2017:3253", + "refsource": "SUSE", + "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html" + }, + { + "name": "https://www.suse.com/de-de/security/cve/CVE-2017-9274/", + "refsource": "CONFIRM", + "url": "https://www.suse.com/de-de/security/cve/CVE-2017-9274/" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=938556", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=938556" + } + ] + }, + "source": { + "advisory": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html", + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=938556" + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9580.json b/2017/9xxx/CVE-2017-9580.json index bed55d167f5..ca3efd3bc2a 100644 --- a/2017/9xxx/CVE-2017-9580.json +++ b/2017/9xxx/CVE-2017-9580.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Pioneer Bank & Trust Mobile Banking\" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Pioneer Bank & Trust Mobile Banking\" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 
certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0217.json b/2018/0xxx/CVE-2018-0217.json index ff2e7bc6956..649be559c13 100644 --- a/2018/0xxx/CVE-2018-0217.json +++ b/2018/0xxx/CVE-2018-0217.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco StarOS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco StarOS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco StarOS", + "version": { + "version_data": [ + { + "version_value": "Cisco StarOS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros" - }, - { - "name" : "103346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103346" - }, - { - "name" : "1040466", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-staros" + }, + { + "name": "103346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103346" + }, + { + "name": "1040466", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040466" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0658.json b/2018/0xxx/CVE-2018-0658.json index d0aaba65880..dc7a155e2c9 100644 --- a/2018/0xxx/CVE-2018-0658.json +++ b/2018/0xxx/CVE-2018-0658.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE", - "version" : { - "version_data" : [ - { - "version_value" : "(EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "GMO Payment Gateway, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE", + "version": { + "version_data": [ + { + "version_value": "(EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "GMO Payment Gateway, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#06372244", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN06372244/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#06372244", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN06372244/index.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/0xxx/CVE-2018-0816.json b/2018/0xxx/CVE-2018-0816.json index 7bec4177c29..08dcb49001b 100644 --- a/2018/0xxx/CVE-2018-0816.json +++ b/2018/0xxx/CVE-2018-0816.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows GDI Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0815 and CVE-2018-0817." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0816", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0816" - }, - { - "name" : "103248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103248" - }, - { - "name" : "1040515", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows GDI Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0815 and CVE-2018-0817." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0816", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0816" + }, + { + "name": "1040515", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040515" + }, + { + "name": "103248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103248" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000129.json b/2018/1000xxx/CVE-2018-1000129.json index 3d8b2e66d83..9f14940243c 100644 --- a/2018/1000xxx/CVE-2018-1000129.json +++ b/2018/1000xxx/CVE-2018-1000129.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-02-22", - "ID" : "CVE-2018-1000129", - "REQUESTER" : "mhopkins@gdssecurity.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jolokia", - "version" : { - "version_data" : [ - { - "version_value" : "1.3.7 and 1.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Jolokia" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-02-22", + "ID": "CVE-2018-1000129", + "REQUESTER": "mhopkins@gdssecurity.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad", - "refsource" : "CONFIRM", - "url" : "https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad" - }, - { - "name" : "https://jolokia.org/#Security_fixes_with_1.5.0", - "refsource" : "CONFIRM", - "url" : "https://jolokia.org/#Security_fixes_with_1.5.0" - }, - { - "name" : "RHSA-2018:2669", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:2669" - }, - { - "name" : "RHSA-2018:3817", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad", + "refsource": "CONFIRM", + "url": "https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad" + }, + { + "name": "RHSA-2018:3817", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3817" + }, + { + "name": "https://jolokia.org/#Security_fixes_with_1.5.0", + "refsource": "CONFIRM", + "url": "https://jolokia.org/#Security_fixes_with_1.5.0" + }, + { + "name": "RHSA-2018:2669", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2669" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000625.json b/2018/1000xxx/CVE-2018-1000625.json index 1b25df46492..4283b2e6f5e 100644 --- a/2018/1000xxx/CVE-2018-1000625.json +++ b/2018/1000xxx/CVE-2018-1000625.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-31T16:52:42.833934", - "DATE_REQUESTED" : "2018-07-27T00:00:00", - "ID" : "CVE-2018-1000625", - "REQUESTER" : "stmoore@us.ibm.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "V2I Hub", - "version" : { - "version_data" : [ - { - "version_value" : "2.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "Battelle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Default Account" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-31T16:52:42.833934", + "DATE_REQUESTED": "2018-07-27T00:00:00", + "ID": "CVE-2018-1000625", + "REQUESTER": "stmoore@us.ibm.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147302", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative 
account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147302", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147302" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000843.json b/2018/1000xxx/CVE-2018-1000843.json index 01a4fb3512c..3bdadb84a4d 100644 --- a/2018/1000xxx/CVE-2018-1000843.json +++ b/2018/1000xxx/CVE-2018-1000843.json 
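Review bot: The new side of this hunk is not a formatting-only change: `product_name`, `version_value` and `vendor_name` go from "V2I Hub", "2.5.1" and "Battelle" to "n/a", the problemtype text "Default Account" becomes "n/a", and `ASSIGNER` changes to cve@mitre.org. The description still names Battelle V2I Hub 2.5.1, so the affected product now survives only in free text, and tooling that matches records on the `affects` tree would presumably stop associating this hard-coded-credentials entry with the product. If the reset is not intended, keep `"product_name": "V2I Hub"`, `"version_value": "2.5.1"` and `"vendor_name": "Battelle"`, and retain the earlier problemtype value. The same reset appears in the CVE-2018-1000129 hunk above (Jolokia, "Cross Site Scripting (XSS)") and in the CVE-2018-1000843 hunk that starts after this one.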
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.480387", - "DATE_REQUESTED" : "2018-11-02T13:25:28", - "ID" : "CVE-2018-1000843", - "REQUESTER" : "honnix@spotify.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Luigi", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after PR https://github.com/spotify/luigi/pull/1870" - } - ] - } - } - ] - }, - "vendor_name" : "Luigi" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leaked to unauthorized users. This attack appear to be exploitable via The victim must visit a specially crafted webpage from the network where their Luigi server is accessible.. This vulnerability appears to have been fixed in 2.8.0 and later." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross ite Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.480387", + "DATE_REQUESTED": "2018-11-02T13:25:28", + "ID": "CVE-2018-1000843", + "REQUESTER": "honnix@spotify.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/spotify/luigi/blob/2.7.9/luigi/server.py#L67", - "refsource" : "MISC", - "url" : "https://github.com/spotify/luigi/blob/2.7.9/luigi/server.py#L67" - }, - { - "name" : "https://github.com/spotify/luigi/pull/1870", - "refsource" : "MISC", - "url" : "https://github.com/spotify/luigi/pull/1870" - }, - { - "name" : "https://groups.google.com/forum/#!topic/luigi-user/ZgfRTpBsVUY", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/luigi-user/ZgfRTpBsVUY" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leaked to unauthorized users. This attack appear to be exploitable via The victim must visit a specially crafted webpage from the network where their Luigi server is accessible.. This vulnerability appears to have been fixed in 2.8.0 and later." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/spotify/luigi/pull/1870", + "refsource": "MISC", + "url": "https://github.com/spotify/luigi/pull/1870" + }, + { + "name": "https://groups.google.com/forum/#!topic/luigi-user/ZgfRTpBsVUY", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/luigi-user/ZgfRTpBsVUY" + }, + { + "name": "https://github.com/spotify/luigi/blob/2.7.9/luigi/server.py#L67", + "refsource": "MISC", + "url": "https://github.com/spotify/luigi/blob/2.7.9/luigi/server.py#L67" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19378.json b/2018/19xxx/CVE-2018-19378.json index d02af067a13..4886dc60f46 100644 --- a/2018/19xxx/CVE-2018-19378.json +++ b/2018/19xxx/CVE-2018-19378.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19378", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19378", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/19xxx/CVE-2018-19399.json b/2018/19xxx/CVE-2018-19399.json index 932d3bd6795..bd4c2731a9f 100644 --- a/2018/19xxx/CVE-2018-19399.json +++ b/2018/19xxx/CVE-2018-19399.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19449.json b/2018/19xxx/CVE-2018-19449.json index 9db8bef68b6..b5bcd676788 100644 --- a/2018/19xxx/CVE-2018-19449.json +++ b/2018/19xxx/CVE-2018-19449.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19515.json b/2018/19xxx/CVE-2018-19515.json index f10fd9e27ce..c6167cbd1eb 100644 --- a/2018/19xxx/CVE-2018-19515.json +++ b/2018/19xxx/CVE-2018-19515.json 
@@ -1,18 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19515", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2019/Jan/15", + "url": "https://seclists.org/fulldisclosure/2019/Jan/15" + } + ] + } +} \ No newline at end of file 
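Review bot: The first entry under `reference_data` in CVE-2018-19515.json points at `http://packetstormsecurity.com/...` over plain HTTP while the second entry uses `https://`. If the site serves the same path over TLS, the `url` and `name` values should use `https://` so that readers following the advisory are not sent over an unauthenticated channel. The two entries also order their keys differently (`url`, `refsource`, `name` versus `refsource`, `name`, `url`) and differently from the other records in this commit (`name`, `refsource`, `url`); key order carries no meaning in JSON, but a stable order keeps later synchronisation diffs small.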
diff --git a/2018/1xxx/CVE-2018-1784.json b/2018/1xxx/CVE-2018-1784.json
index 8857a1e1562..5ce9f75667f 100644
--- a/2018/1xxx/CVE-2018-1784.json
+++ b/2018/1xxx/CVE-2018-1784.json
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-18T00:00:00", - "ID" : "CVE-2018-1784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.8.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "H", - "I" : "L", - "PR" : "L", - "S" : "U", - "SCORE" : "7.100", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-18T00:00:00", + "ID": "CVE-2018-1784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.8.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737883", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737883" - }, - { - "name" : "106316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106316" - }, - { - "name" : "ibm-api-cve20181784-nosql-injection(148807)", - "refsource" : "XF", - "url" 
: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "H", + "I": "L", + "PR": "L", + "S": "U", + "SCORE": "7.100", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106316" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10737883", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737883" + }, + { + "name": "ibm-api-cve20181784-nosql-injection(148807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148807" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4707.json b/2018/4xxx/CVE-2018-4707.json index 0a7a26adca6..049202b1a1f 100644 --- a/2018/4xxx/CVE-2018-4707.json +++ b/2018/4xxx/CVE-2018-4707.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4707", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4707", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file