diff --git a/2008/0xxx/CVE-2008-0027.json b/2008/0xxx/CVE-2008-0027.json index 01e5c49b2d5..753da6c1f7f 100644 --- a/2008/0xxx/CVE-2008-0027.json +++ b/2008/0xxx/CVE-2008-0027.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-0027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486432/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02" - }, - { - "name" : "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml" - }, - { - "name" : 
"27313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27313" - }, - { - "name" : "ADV-2008-0171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0171" - }, - { - "name" : "1019223", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019223" - }, - { - "name" : "28530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28530" - }, - { - "name" : "3551", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3551" - }, - { - "name" : "cisco-cucm-ctl-bo(39704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded" + }, + { + "name": "ADV-2008-0171", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0171" + }, + { + "name": "3551", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3551" + }, + { + "name": "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02" + }, + { + "name": "cisco-cucm-ctl-bo(39704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704" + }, + { + "name": "1019223", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019223" + }, + { + "name": "27313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27313" + }, + { + "name": "28530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28530" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0034.json b/2008/0xxx/CVE-2008-0034.json index f0f56fd1fcf..3fc1a389ce8 100644 --- a/2008/0xxx/CVE-2008-0034.json +++ b/2008/0xxx/CVE-2008-0034.json 
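Review bot: In CVE-2008-0027.json the `ASSIGNER` now reads `psirt@cisco.com`, but `vendor_name`, `product_name` and `version_value` in the same record are still `"n/a"`, so the affected CUCM and CallManager releases appear only in the free-text description. Tooling that matches records on the `affects` block will not tie this entry to the Cisco products; if the CNA now owns the record, populating that block in the same change would make the reassignment useful to consumers. The other hunks visible here also end with `\ No newline at end of file`, and those that carry a `reference_data` array reorder its entries, apparently with no change in content. That suggests the serializer does not emit a stable order; sorting references on a fixed key (for example `refsource`, then `name`) and writing a final newline would keep later diffs limited to real edits.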
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-01-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307302", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307302" - }, - { - "name" : "27297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27297" - }, - { - "name" : "ADV-2008-0147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0147" - }, - { - "name" : "1019219", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019219" - }, - { - "name" : "28497", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/28497" - }, - { - "name" : "iphone-passcode-lock-security-bypass(39701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iphone-passcode-lock-security-bypass(39701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39701" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307302", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307302" + }, + { + "name": "1019219", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019219" + }, + { + "name": "28497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28497" + }, + { + "name": "27297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27297" + }, + { + "name": "APPLE-SA-2008-01-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html" + }, + { + "name": "ADV-2008-0147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0147" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0305.json b/2008/0xxx/CVE-2008-0305.json index 73edcc3c680..5ab21a0e355 100644 --- a/2008/0xxx/CVE-2008-0305.json +++ b/2008/0xxx/CVE-2008-0305.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0305", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0305", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0384.json b/2008/0xxx/CVE-2008-0384.json index c780a4700a3..84b0db6c784 100644 --- a/2008/0xxx/CVE-2008-0384.json +++ b/2008/0xxx/CVE-2008-0384.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4935", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4935" - }, - { - "name" : "[openbsd-security-announce] 20080111 errata 005 for OpenBSD 4.2: local users can provoke a kernel panic", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=openbsd-security-announce&m=120007327504064" - }, - { - "name" : "[4.2] 20080111 005: RELIABILITY FIX: January 11, 2008", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata42.html#005_ifrtlabel" - }, - { - "name" : "27252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27252" - }, - { - "name" : "1019188", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id?1019188" - }, - { - "name" : "28473", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27252" + }, + { + "name": "4935", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4935" + }, + { + "name": "[4.2] 20080111 005: RELIABILITY FIX: January 11, 2008", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata42.html#005_ifrtlabel" + }, + { + "name": "28473", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28473" + }, + { + "name": "1019188", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019188" + }, + { + "name": "[openbsd-security-announce] 20080111 errata 005 for OpenBSD 4.2: local users can provoke a kernel panic", + "refsource": "MLIST", + "url": "http://marc.info/?l=openbsd-security-announce&m=120007327504064" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0723.json b/2008/0xxx/CVE-2008-0723.json index eec3e3bd223..305def96823 100644 --- a/2008/0xxx/CVE-2008-0723.json +++ b/2008/0xxx/CVE-2008-0723.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080206 MyNews 1.6.X HTML/JS Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=120232523420188&w=2" - }, - { - "name" : "20080207 Re: MyNews 1.6.X HTML/JS Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=120235668406688&w=2" - }, - { - "name" : "27652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability 
in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27652" + }, + { + "name": "20080207 Re: MyNews 1.6.X HTML/JS Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=120235668406688&w=2" + }, + { + "name": "20080206 MyNews 1.6.X HTML/JS Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=120232523420188&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0839.json b/2008/0xxx/CVE-2008-0839.json index 41ea01e01e1..4ce7ae0a578 100644 --- a/2008/0xxx/CVE-2008-0839.json +++ b/2008/0xxx/CVE-2008-0839.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5138", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5138" - }, - { - "name" : "27850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27850" - }, - { - "name" : "29008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29008" - }, - { - "name" : "astatspro-refer-sql-injection(40611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29008" + }, + { + "name": "5138", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5138" + }, + { + "name": "27850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27850" + }, + { + "name": "astatspro-refer-sql-injection(40611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40611" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1071.json b/2008/1xxx/CVE-2008-1071.json index f2a80531cc5..e155c11c18c 100644 --- a/2008/1xxx/CVE-2008-1071.json +++ b/2008/1xxx/CVE-2008-1071.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080229 rPSA-2008-0092-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488967/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2008-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2008-01.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2296", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2296" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" - }, - { - "name" : "FEDORA-2008-2941", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html" - }, - { - "name" : "FEDORA-2008-3040", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html" - }, - { - "name" : "GLSA-200803-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-32.xml" - }, - { - "name" : "MDVSA-2008:057", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:057" - }, - { - "name" : "RHSA-2008:0890", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html" - }, - { - "name" : "SUSE-SR:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" - }, - { - "name" : "28025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28025" - }, - { - "name" : "oval:org.mitre.oval:def:11633", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11633" - }, - { - "name" : "oval:org.mitre.oval:def:14784", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14784" - }, - { - "name" : "ADV-2008-0704", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0704" - }, - { - "name" : "ADV-2008-2773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2773" - }, - { - "name" : "1019515", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019515" - }, - { - "name" : "29156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29156" - }, - { - "name" : "29188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29188" - }, - { - "name" : "29223", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29223" - }, - { - "name" : "29242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29242" - }, - { - "name" : "29511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29511" - }, - { - "name" : "29736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29736" - }, - { - "name" : "32091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200803-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-32.xml" + }, + { + "name": "RHSA-2008:0890", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html" + }, + { + "name": "oval:org.mitre.oval:def:11633", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11633" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2008-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2008-01.html" + }, + { + "name": "FEDORA-2008-3040", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html" + }, + { + "name": "29188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29188" + }, + { + "name": "29242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29242" + }, + { + "name": "29511", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29511" + }, + { + "name": "oval:org.mitre.oval:def:14784", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14784" + }, + { + "name": "SUSE-SR:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" + }, + { + "name": "20080229 rPSA-2008-0092-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488967/100/0/threaded" + }, + { + "name": "1019515", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019515" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" + }, + { + "name": "32091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32091" + }, + { + "name": "29736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29736" + }, + { + "name": "ADV-2008-2773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2773" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2296", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2296" + }, + { + "name": "ADV-2008-0704", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0704" + }, + { + "name": "28025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28025" + }, + { + "name": "MDVSA-2008:057", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:057" + }, + { + "name": "29156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29156" + }, + { + "name": "FEDORA-2008-2941", + "refsource": 
"FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html" + }, + { + "name": "29223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29223" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1615.json b/2008/1xxx/CVE-2008-1615.json index 20ea69098bf..e6a950bbe91 100644 --- a/2008/1xxx/CVE-2008-1615.json +++ b/2008/1xxx/CVE-2008-1615.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=431430", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=431430" - }, - { - "name" : "DSA-1588", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1588" - }, - { - "name" : "FEDORA-2008-4043", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html" - }, - { - "name" : "MDVSA-2008:167", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" - }, - { - "name" : "MDVSA-2008:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" - }, - { - "name" : "RHSA-2008:0237", - "refsource" : 
"REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0237.html" - }, - { - "name" : "RHSA-2008:0275", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0275.html" - }, - { - "name" : "RHSA-2008:0585", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0585.html" - }, - { - "name" : "SUSE-SA:2008:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" - }, - { - "name" : "SUSE-SA:2008:031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html" - }, - { - "name" : "SUSE-SA:2008:032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" - }, - { - "name" : "SUSE-SA:2008:035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" - }, - { - "name" : "SUSE-SA:2008:038", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" - }, - { - "name" : "USN-625-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-625-1" - }, - { - "name" : "29086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29086" - }, - { - "name" : "oval:org.mitre.oval:def:9563", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9563" - }, - { - "name" : "1020047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020047" - }, - { - "name" : "30252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30252" - }, - { - "name" : "30294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30294" - }, - { - "name" : "30368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30368" - }, - { - "name" : "30818", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/30818" - }, - { - "name" : "30890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30890" - }, - { - "name" : "30962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30962" - }, - { - "name" : "31107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31107" - }, - { - "name" : "31628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31628" - }, - { - "name" : "30112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30112" - }, - { - "name" : "30982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30982" - }, - { - "name" : "linux-kernel-processtrace-dos(42278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2008:0275", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0275.html" + }, + { + "name": "30962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30962" + }, + { + "name": "30294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30294" + }, + { + "name": "30368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30368" + }, + { + "name": "linux-kernel-processtrace-dos(42278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42278" + }, + { + "name": "SUSE-SA:2008:038", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" + }, + { + "name": "SUSE-SA:2008:035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" + }, + { + "name": "oval:org.mitre.oval:def:9563", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9563" + }, + { + "name": "RHSA-2008:0237", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0237.html" + }, + { + "name": "MDVSA-2008:167", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" + }, + { + "name": "30982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30982" + }, + { + "name": "DSA-1588", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1588" + }, + { + "name": "SUSE-SA:2008:031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html" + }, + { + "name": "1020047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020047" + }, + { + "name": 
"RHSA-2008:0585", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0585.html" + }, + { + "name": "MDVSA-2008:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" + }, + { + "name": "31107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31107" + }, + { + "name": "30252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30252" + }, + { + "name": "FEDORA-2008-4043", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html" + }, + { + "name": "30890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30890" + }, + { + "name": "31628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31628" + }, + { + "name": "USN-625-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-625-1" + }, + { + "name": "29086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29086" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431430", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431430" + }, + { + "name": "SUSE-SA:2008:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" + }, + { + "name": "30818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30818" + }, + { + "name": "30112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30112" + }, + { + "name": "SUSE-SA:2008:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1643.json b/2008/1xxx/CVE-2008-1643.json index 3c70ca0f66c..f52e21b3a08 100644 --- a/2008/1xxx/CVE-2008-1643.json +++ b/2008/1xxx/CVE-2008-1643.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://community.landesk.com/support/docs/DOC-2659", - "refsource" : "CONFIRM", - "url" : "http://community.landesk.com/support/docs/DOC-2659" - }, - { - "name" : "28535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28535" - }, - { - "name" : "ADV-2008-1051", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1051/references" - }, - { - "name" : "1019748", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019748" - }, - { - "name" : "29324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29324" - }, - { - "name" : "landesk-pxetftp-directory-traversal(41562)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1051", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1051/references" + }, + { + "name": "29324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29324" + }, + { + "name": "landesk-pxetftp-directory-traversal(41562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41562" + }, + { + "name": "28535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28535" + }, + { + "name": "http://community.landesk.com/support/docs/DOC-2659", + "refsource": "CONFIRM", + "url": "http://community.landesk.com/support/docs/DOC-2659" + }, + { + "name": "1019748", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019748" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1649.json b/2008/1xxx/CVE-2008-1649.json index fa8754a3e74..f8db95b9f5c 100644 --- a/2008/1xxx/CVE-2008-1649.json +++ b/2008/1xxx/CVE-2008-1649.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490338/100/0/threaded" - }, - { - "name" : "5333", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5333" - }, - { - "name" : "28542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28542" - }, - { - "name" : "29624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29624" - }, - { - "name" : "3793", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3793" - }, - { - "name" : "easynews-index-xss(41593)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5333", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5333" + }, + { + "name": "easynews-index-xss(41593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41593" + }, + { + "name": "28542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28542" + }, + { + "name": "29624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29624" + }, + { + "name": "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490338/100/0/threaded" + }, + { + "name": "3793", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3793" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1957.json b/2008/1xxx/CVE-2008-1957.json index fd1a0e6865a..223f93862d9 100644 --- a/2008/1xxx/CVE-2008-1957.json +++ b/2008/1xxx/CVE-2008-1957.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5483", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5483" - }, - { - "name" : "28876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28876" - }, - { - "name" : "ADV-2008-1319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1319/references" - }, - { - "name" : "29814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29814" - }, - { - "name" : "trscriptnews-news-sql-injection(41946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "trscriptnews-news-sql-injection(41946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41946" + }, + { + "name": "ADV-2008-1319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1319/references" + }, + { + "name": "28876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28876" + }, + { + "name": "29814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29814" + }, + { + "name": "5483", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5483" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4139.json b/2008/4xxx/CVE-2008-4139.json index 92b4e9b5acd..58bb87d0e44 100644 --- a/2008/4xxx/CVE-2008-4139.json +++ b/2008/4xxx/CVE-2008-4139.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080916 [NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496435/100/0/threaded" - }, - { - "name" : "31210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31210" - }, - { - "name" : "31701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31701" - }, - { - "name" : "quickcmslite-admin-xss(45194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080916 [NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496435/100/0/threaded" + }, + { + "name": "31701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31701" + }, + { + "name": "quickcmslite-admin-xss(45194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45194" + }, + { + "name": "31210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31210" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4467.json b/2008/4xxx/CVE-2008-4467.json index 47829a31121..fbcf88af6f2 100644 --- a/2008/4xxx/CVE-2008-4467.json +++ b/2008/4xxx/CVE-2008-4467.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6374", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6374" - }, - { - "name" : "31033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31033" - }, - { - "name" : "tonercart-showseriesink-sql-injection(44955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31033" + }, + { + "name": "6374", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6374" + }, + { + "name": "tonercart-showseriesink-sql-injection(44955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44955" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5644.json b/2008/5xxx/CVE-2008-5644.json index 48fac82f5b3..95d18c0bad2 100644 --- a/2008/5xxx/CVE-2008-5644.json +++ b/2008/5xxx/CVE-2008-5644.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/" - }, - { - "name" : "32284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32284" - }, - { - "name" : "ADV-2008-3144", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3144" - }, - { - "name" : "32689", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32689" - }, - { - "name" : "typo3-file-backend-xss(46585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3144", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3144" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/" + }, + { + "name": "typo3-file-backend-xss(46585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46585" + }, + { + "name": "32689", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32689" + }, + { + "name": "32284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32284" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3393.json b/2013/3xxx/CVE-2013-3393.json index c982a0ed7e2..f0864a87f28 100644 --- a/2013/3xxx/CVE-2013-3393.json +++ b/2013/3xxx/CVE-2013-3393.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130625 Cisco Jabber Video Engine Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130625 Cisco Jabber Video Engine Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3393" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3607.json b/2013/3xxx/CVE-2013-3607.json index 01ef9496a26..fdb13950018 100644 --- a/2013/3xxx/CVE-2013-3607.json +++ b/2013/3xxx/CVE-2013-3607.json 
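Review bot: The `affects` block in the new CVE-2013-3393 record still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, although this hunk reassigns the record to `psirt@cisco.com` and the description names Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine. Tooling that matches advisories on the structured vendor and product fields rather than on the free-text description will not associate this entry with those products. If the CNA data is available, the fields could carry it, e.g. `"vendor_name": "Cisco"`; otherwise the gap is worth stating in the commit description. The ASSIGNER value is also the only data change in this hunk and is easy to miss among the colon-spacing and indentation rewrite, so a separate formatting-only commit would make such changes reviewable.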
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf", - "refsource" : "MISC", - "url" : "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf" - }, - { - "name" : "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013", - "refsource" : "MISC", - "url" : "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013" - }, - { - "name" : 
"http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf" - }, - { - "name" : "https://support.citrix.com/article/CTX216642", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX216642" - }, - { - "name" : "VU#648646", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/648646" - }, - { - "name" : "62094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62094" + }, + { + "name": "VU#648646", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/648646" + }, + { + "name": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf", + "refsource": "CONFIRM", + "url": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf" + }, + { + "name": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf", + "refsource": "MISC", + "url": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf" + }, + { + "name": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013", + "refsource": "MISC", + "url": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013" + }, + { + "name": "https://support.citrix.com/article/CTX216642", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX216642" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3776.json b/2013/3xxx/CVE-2013-3776.json index d655709b201..92afea33c18 100644 --- a/2013/3xxx/CVE-2013-3776.json +++ b/2013/3xxx/CVE-2013-3776.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3781." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "MS13-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-061" - }, - { - "name" : "JVN#68663052", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN68663052/index.html" - }, - 
{ - "name" : "JVNDB-2013-000071", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000071.html" - }, - { - "name" : "61234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61234" - }, - { - "name" : "95276", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95276" - }, - { - "name" : "oval:org.mitre.oval:def:18243", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18243" - }, - { - "name" : "1028801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028801" - }, - { - "name" : "oracle-cpujuly2013-cve20133776(85663)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3781." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#68663052", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN68663052/index.html" + }, + { + "name": "oracle-cpujuly2013-cve20133776(85663)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85663" + }, + { + "name": "95276", + "refsource": "OSVDB", + "url": "http://osvdb.org/95276" + }, + { + "name": "61234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61234" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "JVNDB-2013-000071", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000071.html" + }, + { + "name": "oval:org.mitre.oval:def:18243", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18243" + }, + { + "name": "MS13-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-061" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "1028801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028801" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4375.json b/2013/4xxx/CVE-2013-4375.json index f38945e8e4f..cca13269dc3 100644 --- a/2013/4xxx/CVE-2013-4375.json +++ b/2013/4xxx/CVE-2013-4375.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131010 Xen Security Advisory 71 (CVE-2013-4375) - qemu disk backend (qdisk) resource leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/10/14" - }, - { - "name" : "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html", - "refsource" : "CONFIRM", - "url" : "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html" - }, - { - "name" : "GLSA-201407-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml" - }, - { - "name" : "USN-2092-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2092-1" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html", + "refsource": "CONFIRM", + "url": "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html" + }, + { + "name": "GLSA-201407-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml" + }, + { + "name": "USN-2092-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2092-1" + }, + { + "name": "[oss-security] 20131010 Xen Security Advisory 71 (CVE-2013-4375) - qemu disk backend (qdisk) resource leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/10/14" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6099.json b/2013/6xxx/CVE-2013-6099.json index 575bc913e02..5b7484b4b3c 100644 --- a/2013/6xxx/CVE-2013-6099.json +++ b/2013/6xxx/CVE-2013-6099.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6099", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6099", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6404.json b/2013/6xxx/CVE-2013-6404.json index ba9c9744473..8adedc12b97 100644 --- a/2013/6xxx/CVE-2013-6404.json +++ b/2013/6xxx/CVE-2013-6404.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/28/8" - }, - { - "name" : "http://quassel-irc.org/node/123", - "refsource" : "CONFIRM", - "url" : "http://quassel-irc.org/node/123" - }, - { - "name" : "https://github.com/quassel/quassel/commit/a1a24da", - "refsource" : "CONFIRM", - "url" : "https://github.com/quassel/quassel/commit/a1a24da" - }, - { - "name" : "openSUSE-SU-2013:1929", - "refsource" : "SUSE", - "url" 
: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html" - }, - { - "name" : "openSUSE-SU-2014:0114", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html" - }, - { - "name" : "100432", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100432" - }, - { - "name" : "55640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55640" - }, - { - "name" : "quasselirc-cve20136404-sec-bypass(89377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/quassel/quassel/commit/a1a24da", + "refsource": "CONFIRM", + "url": "https://github.com/quassel/quassel/commit/a1a24da" + }, + { + "name": "openSUSE-SU-2013:1929", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html" + }, + { + "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8" + }, + { + "name": "http://quassel-irc.org/node/123", + "refsource": "CONFIRM", + "url": "http://quassel-irc.org/node/123" + }, + { + "name": "quasselirc-cve20136404-sec-bypass(89377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377" + }, + { + "name": "55640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55640" + }, + { + "name": "openSUSE-SU-2014:0114", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html" + }, + { + "name": "100432", + "refsource": "OSVDB", + "url": "http://osvdb.org/100432" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7032.json b/2013/7xxx/CVE-2013-7032.json index ed13dbc8adb..c09de2441a0 100644 --- a/2013/7xxx/CVE-2013-7032.json +++ b/2013/7xxx/CVE-2013-7032.json 
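Review bot: The description string on the new side still enumerates the same path three times, `(1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql`, so the record does not say which queries under `core/SQL/PostgreSQL/` lack the user ID check. The text is carried over unchanged by this commit, and presumably three different files were meant; the referenced commit `https://github.com/quassel/quassel/commit/a1a24da` is the place to confirm them. Anyone using this record to check a deployment should key on the fixed version, 0.9.2, rather than on the file list.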
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131214 LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0074.html" - }, - { - "name" : "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog", - "refsource" : "CONFIRM", - "url" : "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog" - }, - { - "name" : "101080", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101080" - }, - { - "name" : "livezilla-cve20137032-xss(89809)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/89809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131214 LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0074.html" + }, + { + "name": "livezilla-cve20137032-xss(89809)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89809" + }, + { + "name": "101080", + "refsource": "OSVDB", + "url": "http://osvdb.org/101080" + }, + { + "name": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog", + "refsource": "CONFIRM", + "url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7238.json b/2013/7xxx/CVE-2013-7238.json index 15a32e2fb76..b1474778463 100644 --- a/2013/7xxx/CVE-2013-7238.json +++ b/2013/7xxx/CVE-2013-7238.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7238", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7238", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10222.json b/2017/10xxx/CVE-2017-10222.json index d284ac83519..d9c73ecc2af 100644 --- a/2017/10xxx/CVE-2017-10222.json +++ b/2017/10xxx/CVE-2017-10222.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Materials Control", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.31.4" - }, - { - "version_affected" : "=", - "version_value" : "8.32.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Materials Control", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.31.4" + }, + { + "version_affected": "=", + "version_value": "8.32.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99701" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99701" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10250.json b/2017/10xxx/CVE-2017-10250.json index a63cf157219..dafe61164b1 100644 --- a/2017/10xxx/CVE-2017-10250.json +++ b/2017/10xxx/CVE-2017-10250.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99824" - }, - { - "name" : "1038932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99824" + }, + { + "name": "1038932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038932" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10406.json b/2017/10xxx/CVE-2017-10406.json index a71b6af73d5..ca9e4f22df3 100644 --- a/2017/10xxx/CVE-2017-10406.json +++ b/2017/10xxx/CVE-2017-10406.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101471" - }, - { - "name" : "1039598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039598" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101471" + } + ] + } +} \ No newline at end of file 
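Review bot: The new side of CVE-2017-10406.json ends at the closing `}` with no trailing newline (the `\ No newline at end of file` marker follows the added brace), whereas the removed side ended with one. Ending the file with a newline after the final `}` keeps line-oriented tooling and later diffs quiet. The same marker appears on the other file sections in this part of the diff, so the formatter's output setting is probably the place to fix it. The `reference_data` entries are also reordered (CONFIRM, BID, SECTRACK becomes SECTRACK, CONFIRM, BID) with no sort key evident from the hunk; a stable order, for example sorted by `url`, would keep future record updates auditable.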
diff --git a/2017/10xxx/CVE-2017-10496.json b/2017/10xxx/CVE-2017-10496.json index cf60e06dcd5..94fb28b956d 100644 --- a/2017/10xxx/CVE-2017-10496.json +++ b/2017/10xxx/CVE-2017-10496.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10496", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10496", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13011.json b/2017/13xxx/CVE-2017-13011.json index 266031f3237..0cccf69dc4a 100644 --- a/2017/13xxx/CVE-2017-13011.json +++ b/2017/13xxx/CVE-2017-13011.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/9f0730bee3eb65d07b49fd468bc2f269173352fe", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/9f0730bee3eb65d07b49fd468bc2f269173352fe" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - 
"url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/9f0730bee3eb65d07b49fd468bc2f269173352fe", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/9f0730bee3eb65d07b49fd468bc2f269173352fe" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13153.json b/2017/13xxx/CVE-2017-13153.json index 59d9350198b..f71640f3ee3 100644 --- a/2017/13xxx/CVE-2017-13153.json +++ b/2017/13xxx/CVE-2017-13153.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-13153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-13153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "102126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + }, + { + "name": "102126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102126" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13646.json b/2017/13xxx/CVE-2017-13646.json index 1a625645e69..748b1e36d87 100644 --- a/2017/13xxx/CVE-2017-13646.json +++ b/2017/13xxx/CVE-2017-13646.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13646", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13646", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17050.json b/2017/17xxx/CVE-2017-17050.json index 2565ba99528..cca3fa8d2f8 100644 --- a/2017/17xxx/CVE-2017-17050.json +++ b/2017/17xxx/CVE-2017-17050.json 
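Review bot: In CVE-2017-13153.json the `ASSIGNER` value changes from `security@google.com` to `security@android.com` inside a hunk that otherwise only rewrites spacing and key/colon layout, so a change to the record's provenance field is easy to miss among the formatting churn. `vendor_name` stays `Google Inc.`, so any consumer that groups or filters records by assigner would presumably see this entry move while the vendor does not. If the reassignment is intended, it would be easier to audit as its own commit, or at least called out in the commit description, separate from the whitespace-only rewrite.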
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\\\.\\Viragtlt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020", - "refsource" : "MISC", - "url" : "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to 
\\\\.\\Viragtlt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020", + "refsource": "MISC", + "url": "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17058.json b/2017/17xxx/CVE-2017-17058.json index b0acec0499b..6c8b258241e 100644 --- a/2017/17xxx/CVE-2017-17058.json +++ b/2017/17xxx/CVE-2017-17058.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have \"if (!defined('ABSPATH')) {exit;}\" code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43196", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43196/" - }, - { - "name" : "https://github.com/woocommerce/woocommerce/issues/17964", - "refsource" : "MISC", - "url" : "https://github.com/woocommerce/woocommerce/issues/17964" - }, - { - "name" : "https://www.exploit-db.com/ghdb/4613/", - "refsource" : "MISC", - "url" : "https://www.exploit-db.com/ghdb/4613/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have \"if (!defined('ABSPATH')) {exit;}\" code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.exploit-db.com/ghdb/4613/", + "refsource": "MISC", + "url": "https://www.exploit-db.com/ghdb/4613/" + }, + { + "name": "https://github.com/woocommerce/woocommerce/issues/17964", + "refsource": "MISC", + "url": "https://github.com/woocommerce/woocommerce/issues/17964" + }, + { + "name": "43196", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43196/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17099.json b/2017/17xxx/CVE-2017-17099.json index fc1a1ed67c0..4df7d5ead35 100644 --- a/2017/17xxx/CVE-2017-17099.json +++ b/2017/17xxx/CVE-2017-17099.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42984", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42984/" - }, - { - "name" : "https://packetstormsecurity.com/files/144586/Sync-Breeze-Enterprise-10.1.16-SEH-Overflow.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144586/Sync-Breeze-Enterprise-10.1.16-SEH-Overflow.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server 
of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42984", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42984/" + }, + { + "name": "https://packetstormsecurity.com/files/144586/Sync-Breeze-Enterprise-10.1.16-SEH-Overflow.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144586/Sync-Breeze-Enterprise-10.1.16-SEH-Overflow.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17460.json b/2017/17xxx/CVE-2017-17460.json index 476a52561f3..bafc8913fac 100644 --- a/2017/17xxx/CVE-2017-17460.json +++ b/2017/17xxx/CVE-2017-17460.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17460", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17460", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17593.json b/2017/17xxx/CVE-2017-17593.json index 0db601751bb..7a30f35052c 100644 --- a/2017/17xxx/CVE-2017-17593.json +++ b/2017/17xxx/CVE-2017-17593.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43237", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43237/" - }, - { - "name" : "https://packetstormsecurity.com/files/145247/Simple-Chatting-System-1.0.0-Arbitrary-File-Upload.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145247/Simple-Chatting-System-1.0.0-Arbitrary-File-Upload.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43237", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43237/" + }, + { + "name": "https://packetstormsecurity.com/files/145247/Simple-Chatting-System-1.0.0-Arbitrary-File-Upload.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145247/Simple-Chatting-System-1.0.0-Arbitrary-File-Upload.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9528.json b/2017/9xxx/CVE-2017-9528.json index 96fc73633b2..b0343524ba2 100644 --- a/2017/9xxx/CVE-2017-9528.json +++ b/2017/9xxx/CVE-2017-9528.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a \"User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9528", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9528" - }, - { - "name" : "http://www.irfanview.com/plugins.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.com/plugins.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a \"User 
Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9528", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9528" + }, + { + "name": "http://www.irfanview.com/plugins.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.com/plugins.htm" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9792.json b/2017/9xxx/CVE-2017-9792.json index c57ba472cdf..0840a500180 100644 --- a/2017/9xxx/CVE-2017-9792.json +++ b/2017/9xxx/CVE-2017-9792.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-09-29T00:00:00", - "ID" : "CVE-2017-9792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Impala", - "version" : { - "version_data" : [ - { - "version_value" : "2.8.0 incubating" - }, - { - "version_value" : "2.9.0 incubating" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Impala (incubating) before 2.10.0, a malicious user with \"ALTER\" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it \"external\" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an \"ALL\" privilege at the server scope. This privilege requirement for \"CREATE\" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for \"ALTER\" commands that would make existing non-external Kudu tables external." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-09-29T00:00:00", + "ID": "CVE-2017-9792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Impala", + "version": { + "version_data": [ + { + "version_value": "2.8.0 incubating" + }, + { + "version_value": "2.9.0 incubating" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20170929 CVE-2017-9792 Apache Impala (incubating) Information Disclosure", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/74a163df0cdefcd738c8d18821e69aa69eed2ba5384c0cc255d15c4b@%3Cannounce.apache.org%3E" - }, - { - "name" : "https://issues.apache.org/jira/browse/IMPALA-5638", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/IMPALA-5638" - }, - { - "name" : "101173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Impala (incubating) before 2.10.0, a malicious user with \"ALTER\" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it \"external\" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an \"ALL\" privilege at the server scope. This privilege requirement for \"CREATE\" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. 
The fix is to enforce the same privilege requirement for \"ALTER\" commands that would make existing non-external Kudu tables external." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/IMPALA-5638", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/IMPALA-5638" + }, + { + "name": "101173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101173" + }, + { + "name": "[announce] 20170929 CVE-2017-9792 Apache Impala (incubating) Information Disclosure", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/74a163df0cdefcd738c8d18821e69aa69eed2ba5384c0cc255d15c4b@%3Cannounce.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9937.json b/2017/9xxx/CVE-2017-9937.json index d3602877680..914ad5c1c23 100644 --- a/2017/9xxx/CVE-2017-9937.json +++ b/2017/9xxx/CVE-2017-9937.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9937",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9937",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2707",
- "refsource" : "MISC",
- "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2707"
- },
- {
- "name" : "99304",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99304"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2707",
+ "refsource": "MISC",
+ "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2707"
+ },
+ {
+ "name": "99304",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99304"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0035.json b/2018/0xxx/CVE-2018-0035.json
index 7993ffd5d6b..776e390ab01 100644
--- a/2018/0xxx/CVE-2018-0035.json
+++ b/2018/0xxx/CVE-2018-0035.json
@@ -1,120 +1,120 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-07-11T16:00:00.000Z", - "ID" : "CVE-2018-0035", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "QFX5200 and QFX10002", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D60" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [ - { - "lang" : "eng", - "value" : "Customer can identify whether their device is affected by running the following commands from the Junos OS shell:\n\nAffected System :\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@:RE:0~# grub-fstest /dev/sda2 ls /var/tmp /onie/ | grep onie \n vmlinuz-3.2.35-onie initrd.img-3.2.35-onie tools/ grub/ grub.d/ \n root@:RE:0:~# \nNote: the two files, vmlinuz-3.2.35-onie and initrd.img-3.2.35-onie (version may vary) will be present.\n\nNon-affected System:\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@local-node:~# grub-fstest /dev/sda2 ls /onie/ | grep onie \n root@local-node:~# \nNote: no grep output related to ONIE partition." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. 
This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 4.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service\n" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-07-11T16:00:00.000Z", + "ID": "CVE-2018-0035", + "STATE": "PUBLIC", + "TITLE": "Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "QFX5200 and QFX10002", + "version_name": "15.1X53", + "version_value": "15.1X53-D60" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : 
"https://kb.juniper.net/JSA10869", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10869" - }, - { - "name" : "1041336", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041336" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "In order to resolve this issue (remove the ONIE partition from the device), customer needs to reimage the device using the USB or PXE image from the Juniper download page.\nThe affected Junos image files have been removed from the Juniper download page." - } - ], - "source" : { - "advisory" : "JSA10869", - "defect" : [ - "1335427", - "1335713" - ], - "discovery" : "INTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "There are no known workarounds for this issue.\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to device only from trusted, administrative networks or hosts. Limit CLI access to the device from only trusted hosts and administrators." - } - ] -} + } + }, + "configuration": [ + { + "lang": "eng", + "value": "Customer can identify whether their device is affected by running the following commands from the Junos OS shell:\n\nAffected System :\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@:RE:0~# grub-fstest /dev/sda2 ls /var/tmp /onie/ | grep onie \n vmlinuz-3.2.35-onie initrd.img-3.2.35-onie tools/ grub/ grub.d/ \n root@:RE:0:~# \nNote: the two files, vmlinuz-3.2.35-onie and initrd.img-3.2.35-onie (version may vary) will be present.\n\nNon-affected System:\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@local-node:~# grub-fstest /dev/sda2 ls /onie/ | grep onie \n root@local-node:~# \nNote: no grep output related to ONIE partition." 
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue."
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service\n"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://kb.juniper.net/JSA10869",
+ "refsource": "CONFIRM",
+ "url": "https://kb.juniper.net/JSA10869"
+ },
+ {
+ "name": "1041336",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041336"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "In order to resolve this issue (remove the ONIE partition from the device), customer needs to reimage the device using the USB or PXE image from the Juniper download page.\nThe affected Junos image files have been removed from the Juniper download page."
+ }
+ ],
+ "source": {
+ "advisory": "JSA10869",
+ "defect": [
+ "1335427",
+ "1335713"
+ ],
+ "discovery": "INTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "There are no known workarounds for this issue.\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to device only from trusted, administrative networks or hosts. Limit CLI access to the device from only trusted hosts and administrators."
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0444.json b/2018/0xxx/CVE-2018-0444.json
index a4a3c0bedc7..da3fc3c5324 100644
--- a/2018/0xxx/CVE-2018-0444.json
+++ b/2018/0xxx/CVE-2018-0444.json
@@ -1,79 +1,79 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "DATE_PUBLIC" : "2018-09-05T16:00:00-0500",
- "ID" : "CVE-2018-0444",
- "STATE" : "PUBLIC",
- "TITLE" : "Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco Packaged Contact Center Enterprise ",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Cisco"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
- }
- ]
- },
- "impact" : {
- "cvss" : {
- "baseScore" : "6.1",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-352"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
+ "ID": "CVE-2018-0444",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Packaged Contact Center Enterprise ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
- "refsource" : "CISCO",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
- }
- ]
- },
- "source" : {
- "advisory" : "cisco-sa-20180905-pcce",
- "defect" : [
- [
- "CSCvi88426"
- ]
- ],
- "discovery" : "UNKNOWN"
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20180905-pcce",
+ "defect": [
+ [
+ "CSCvi88426"
+ ]
+ ],
+ "discovery": "UNKNOWN"
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0584.json b/2018/0xxx/CVE-2018-0584.json
index edc1617634b..e5df636030b 100644
--- a/2018/0xxx/CVE-2018-0584.json
+++ b/2018/0xxx/CVE-2018-0584.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2018-0584",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "IIJ SmartKey App for Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "version 2.1.0 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Internet Initiative Japan Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Authentication bypass"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2018-0584",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IIJ SmartKey App for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 2.1.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Internet Initiative Japan Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "JVN#27137002",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN27137002/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authentication bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "JVN#27137002",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN27137002/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0634.json b/2018/0xxx/CVE-2018-0634.json
index c0ca8091584..0e48f2a8020 100644
--- a/2018/0xxx/CVE-2018-0634.json
+++ b/2018/0xxx/CVE-2018-0634.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2018-0634",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "HC100RC",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Ver1.0.1 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "NEC Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "OS Command Injection"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2018-0634",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HC100RC",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Ver1.0.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NEC Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
- "refsource" : "MISC",
- "url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
- },
- {
- "name" : "JVN#84825660",
- "refsource" : "JVN",
- "url" : "https://jvn.jp/en/jp/JVN84825660/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "JVN#84825660",
+ "refsource": "JVN",
+ "url": "https://jvn.jp/en/jp/JVN84825660/index.html"
+ },
+ {
+ "name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
+ "refsource": "MISC",
+ "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0877.json b/2018/0xxx/CVE-2018-0877.json
index 2beb4802835..360e289051c 100644
--- a/2018/0xxx/CVE-2018-0877.json
+++ b/2018/0xxx/CVE-2018-0877.json
@@ -1,78 +1,78 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@microsoft.com",
- "DATE_PUBLIC" : "2018-03-14T00:00:00",
- "ID" : "CVE-2018-0877",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Windows Desktop Bridge Virtual File System",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka \"Windows Desktop Bridge VFS Elevation of Privilege Vulnerability\"."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Elevation of Privilege"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "DATE_PUBLIC": "2018-03-14T00:00:00",
+ "ID": "CVE-2018-0877",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows Desktop Bridge Virtual File System",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "44313",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/44313/"
- },
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877"
- },
- {
- "name" : "103227",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103227"
- },
- {
- "name" : "1040520",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040520"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka \"Windows Desktop Bridge VFS Elevation of Privilege Vulnerability\"."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1040520",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040520"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877"
+ },
+ {
+ "name": "103227",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103227"
+ },
+ {
+ "name": "44313",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/44313/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1000xxx/CVE-2018-1000201.json b/2018/1000xxx/CVE-2018-1000201.json
index 2632c7efca2..d91223906aa 100644
--- a/2018/1000xxx/CVE-2018-1000201.json
+++ b/2018/1000xxx/CVE-2018-1000201.json
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-06", - "ID" : "CVE-2018-1000201", - "REQUESTER" : "lars@greiz-reinsdorf.de", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ruby-ffi ", - "version" : { - "version_data" : [ - { - "version_value" : "1.9.23 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "ruby-ffi" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-427: Uncontrolled Search Path Element" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-06", + "ID": "CVE-2018-1000201", + "REQUESTER": "lars@greiz-reinsdorf.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a", - "refsource" : "CONFIRM", - "url" : "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a" - }, - { - "name" : "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c", - "refsource" : "CONFIRM", - "url" : "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c", + "refsource": "CONFIRM", + "url": "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c" + }, + { + "name": "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a", + "refsource": "CONFIRM", + "url": "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18867.json b/2018/18xxx/CVE-2018-18867.json index 2dd3d9f7f2f..ff83857ecd2 100644 --- a/2018/18xxx/CVE-2018-18867.json +++ b/2018/18xxx/CVE-2018-18867.json 
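Review bot: Tools that match records on `affects` or `problemtype` can no longer find this entry by product, version or CWE, because the new side of CVE-2018-1000201.json sets `product_name`, `version_value`, `vendor_name` and the problemtype `value` to `"n/a"` where the old side had `ruby-ffi`, `1.9.23 and earlier` and `CWE-427: Uncontrolled Search Path Element`. The affected range now survives only in the free-text description, and the CWE classification is gone from the record altogether. The same hunk changes `ASSIGNER` from `kurt@seifried.org` to `cve@mitre.org`; if that reassignment is intended, I would still carry the structured values over, e.g. `"version_value": "1.9.23 and earlier"` and `"value": "CWE-427: Uncontrolled Search Path Element"`.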
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18867",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18867",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/trippo/ResponsiveFilemanager/issues/506",
- "refsource" : "MISC",
- "url" : "https://github.com/trippo/ResponsiveFilemanager/issues/506"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/trippo/ResponsiveFilemanager/issues/506",
+ "refsource": "MISC",
+ "url": "https://github.com/trippo/ResponsiveFilemanager/issues/506"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19164.json b/2018/19xxx/CVE-2018-19164.json
index 17ad7a9d23b..f14d1b89c61 100644
--- a/2018/19xxx/CVE-2018-19164.json
+++ b/2018/19xxx/CVE-2018-19164.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19164",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19164",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19541.json b/2018/19xxx/CVE-2018-19541.json
index 9dfd66da9ae..acd70cb544d 100644
--- a/2018/19xxx/CVE-2018-19541.json
+++ b/2018/19xxx/CVE-2018-19541.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19541",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19541",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"
- },
- {
- "name" : "https://github.com/mdadams/jasper/issues/182",
- "refsource" : "MISC",
- "url" : "https://github.com/mdadams/jasper/issues/182"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"
+ },
+ {
+ "name": "https://github.com/mdadams/jasper/issues/182",
+ "refsource": "MISC",
+ "url": "https://github.com/mdadams/jasper/issues/182"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19803.json b/2018/19xxx/CVE-2018-19803.json
index 5050ecc39e4..f45d79679b4 100644
--- a/2018/19xxx/CVE-2018-19803.json
+++ b/2018/19xxx/CVE-2018-19803.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19803",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19803",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19898.json b/2018/19xxx/CVE-2018-19898.json
index 0262f0a0acd..dbe44535dcb 100644
--- a/2018/19xxx/CVE-2018-19898.json
+++ b/2018/19xxx/CVE-2018-19898.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19898",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19898",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/thinkcmf/cmfx/issues/26",
- "refsource" : "MISC",
- "url" : "https://github.com/thinkcmf/cmfx/issues/26"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/thinkcmf/cmfx/issues/26",
+ "refsource": "MISC",
+ "url": "https://github.com/thinkcmf/cmfx/issues/26"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1146.json b/2018/1xxx/CVE-2018-1146.json
index 296ee1ae787..700885966c6 100644
--- a/2018/1xxx/CVE-2018-1146.json
+++ b/2018/1xxx/CVE-2018-1146.json
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vulnreport@tenable.com",
- "DATE_PUBLIC" : "2018-04-16T00:00:00",
- "ID" : "CVE-2018-1146",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Firmware 1.10.22?"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Belkin"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Improper Access Control"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vulnreport@tenable.com",
+ "DATE_PUBLIC": "2018-04-16T00:00:00",
+ "ID": "CVE-2018-1146",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Firmware 1.10.22?"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Belkin"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.tenable.com/security/research/tra-2018-08",
- "refsource" : "MISC",
- "url" : "https://www.tenable.com/security/research/tra-2018-08"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.tenable.com/security/research/tra-2018-08",
+ "refsource": "MISC",
+ "url": "https://www.tenable.com/security/research/tra-2018-08"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1732.json b/2018/1xxx/CVE-2018-1732.json
index c986556744a..6dcb929dc8a 100644
--- a/2018/1xxx/CVE-2018-1732.json
+++ b/2018/1xxx/CVE-2018-1732.json
@@ -1,88 +1,88 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2018-12-03T00:00:00",
- "ID" : "CVE-2018-1732",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "QRadar SIEM",
- "version" : {
- "version_data" : [
- {
- "version_value" : "1.14.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810."
- }
- ]
- },
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "A" : "N",
- "AC" : "L",
- "AV" : "N",
- "C" : "L",
- "I" : "N",
- "PR" : "N",
- "S" : "U",
- "SCORE" : "5.300",
- "UI" : "N"
- },
- "TM" : {
- "E" : "U",
- "RC" : "C",
- "RL" : "O"
- }
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Obtain Information"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2018-12-03T00:00:00",
+ "ID": "CVE-2018-1732",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QRadar SIEM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.14.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10736009",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10736009"
- },
- {
- "name" : "ibm-qradar-cve20181732-info-disc(147810)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147810"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810."
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "A": "N",
+ "AC": "L",
+ "AV": "N",
+ "C": "L",
+ "I": "N",
+ "PR": "N",
+ "S": "U",
+ "SCORE": "5.300",
+ "UI": "N"
+ },
+ "TM": {
+ "E": "U",
+ "RC": "C",
+ "RL": "O"
+ }
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Obtain Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=ibm10736009",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=ibm10736009"
+ },
+ {
+ "name": "ibm-qradar-cve20181732-info-disc(147810)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147810"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1917.json b/2018/1xxx/CVE-2018-1917.json
index 218aebf5fb9..73ffb176cff 100644
--- a/2018/1xxx/CVE-2018-1917.json
+++ b/2018/1xxx/CVE-2018-1917.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1917",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1917",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file