diff --git a/2008/0xxx/CVE-2008-0400.json b/2008/0xxx/CVE-2008-0400.json index a41b78a7745..d8abfe36784 100644 --- a/2008/0xxx/CVE-2008-0400.json +++ b/2008/0xxx/CVE-2008-0400.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txt", - "refsource" : "MISC", - "url" : "http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txt" - }, - { - "name" : "27382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27382" - }, - { - "name" : "ADV-2008-0234", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0234" - }, - { - "name" : "28573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28573" + }, + { + "name": "27382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27382" + }, + { + "name": "http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txt", + "refsource": "MISC", + "url": "http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txt" + }, + { + "name": "ADV-2008-0234", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0234" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0893.json b/2008/0xxx/CVE-2008-0893.json index c6a165f7f03..319974745fa 100644 --- a/2008/0xxx/CVE-2008-0893.json +++ b/2008/0xxx/CVE-2008-0893.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=437320", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=437320" - }, - { - "name" : "FEDORA-2008-3214", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html" - }, - { - "name" : "FEDORA-2008-3220", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html" - }, - { - "name" : "RHSA-2008:0201", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0201.html" - }, - { - "name" : "28802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28802" - }, - { - "name" : "1019857", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019857" - }, - { - "name" : "29761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29761" - }, - { - "name" : "29826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29826" - }, - { - "name" : "rhds-cgiscripts-security-bypass(41843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-3220", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html" + }, + { + "name": "rhds-cgiscripts-security-bypass(41843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843" + }, + { + "name": "1019857", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019857" + }, + { + "name": "28802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28802" + }, + { + "name": "RHSA-2008:0201", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html" + }, + { + "name": "FEDORA-2008-3214", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html" + }, + { + "name": "29761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29761" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=437320", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320" + }, + { + "name": "29826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29826" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0957.json b/2008/0xxx/CVE-2008-0957.json index 14444199eae..d48e84d1d6f 100644 --- a/2008/0xxx/CVE-2008-0957.json +++ b/2008/0xxx/CVE-2008-0957.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2008-0957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#406937", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/406937" - }, - { - "name" : "29279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29279" - }, - { - "name" : "ADV-2008-1571", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1571" - }, - { - "name" : "30305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30305" - }, - { - "name" : "photostockplus-uploader-bo(42534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30305" + }, + { + "name": "photostockplus-uploader-bo(42534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42534" + }, + { + "name": "29279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29279" + }, + { + "name": "VU#406937", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/406937" + }, + { + "name": "ADV-2008-1571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1571" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1122.json b/2008/1xxx/CVE-2008-1122.json index ac445a2f4cf..e083fcf9b83 100644 --- a/2008/1xxx/CVE-2008-1122.json +++ b/2008/1xxx/CVE-2008-1122.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080415 Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490886/100/0/threaded" - }, - { - "name" : "5198", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5198" - }, - { - "name" : "5447", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5447" - }, - { - "name" : "28031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28031" - }, - { - "name" : "koobi-categ-sql-injection(40903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "koobi-categ-sql-injection(40903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40903" + }, + { + "name": "5198", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5198" + }, + { + "name": "28031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28031" + }, + { + "name": "20080415 Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490886/100/0/threaded" + }, + { + "name": "5447", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5447" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1385.json b/2008/1xxx/CVE-2008-1385.json index b2fbb4d1032..4f48aba62c6 100644 --- a/2008/1xxx/CVE-2008-1385.json +++ b/2008/1xxx/CVE-2008-1385.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491176/100/0/threaded" - }, - { - "name" : "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html" - }, - { - "name" : "http://int21.de/cve/CVE-2008-1385-s9y.html", - "refsource" : "MISC", - "url" : "http://int21.de/cve/CVE-2008-1385-s9y.html" - }, - { - "name" : "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html" - }, - { - "name" : "28885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28885" - }, - { - "name" : "ADV-2008-1348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1348/references" - }, - { - "name" : "1019915", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019915" - }, - { - "name" : "29942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29942" - }, - { - "name" : "topreferrers-referer-xss(41965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html" + }, + { + "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded" + }, + { + "name": "28885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28885" + }, + { + "name": "ADV-2008-1348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1348/references" + }, + { + "name": "29942", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29942" + }, + { + "name": "topreferrers-referer-xss(41965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41965" + }, + { + "name": "1019915", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019915" + }, + { + "name": "http://int21.de/cve/CVE-2008-1385-s9y.html", + "refsource": "MISC", + "url": "http://int21.de/cve/CVE-2008-1385-s9y.html" + }, + { + "name": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html", + "refsource": "CONFIRM", + "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1419.json b/2008/1xxx/CVE-2008-1419.json index c1bef08f2b0..ebbbd32f82c 100644 --- a/2008/1xxx/CVE-2008-1419.json +++ b/2008/1xxx/CVE-2008-1419.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=440700", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=440700" - }, - { - "name" : "DSA-1591", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1591" - }, - { - "name" : "FEDORA-2008-3898", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html" - }, - { - "name" : "FEDORA-2008-3910", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html" - }, - { - "name" : "FEDORA-2008-3934", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html" - }, - { - "name" : "GLSA-200806-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200806-09.xml" - }, - { - "name" : "MDVSA-2008:102", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102" - }, - { - "name" : "RHSA-2008:0270", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0270.html" - }, - { - "name" : "RHSA-2008:0271", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0271.html" - }, - { - "name" : "SUSE-SR:2008:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" - }, - { - "name" : "USN-682-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-682-1" - }, - { - "name" : "29206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29206" - }, - { - "name" : "oval:org.mitre.oval:def:10104", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104" - }, - { - "name" : "32946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32946" - }, - { - "name" : "ADV-2008-1510", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1510/references" - }, - { - "name" : "1020029", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020029" - }, - { - "name" : "30234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30234" - }, - { - "name" : "30237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30237" - }, - { - "name" : "30247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30247" - }, - { - "name" : "30259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30259" - }, - { - "name" : "30479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30479" - }, - { - "name" : "30581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30581" - }, - { - "name" : "30820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30820" - }, - { - "name" : "libvorbis-ogg-bo(42397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42397" - }, - { - "name" : "libvorbis-ogg-dos(42400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "libvorbis-ogg-dos(42400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42400" + }, + { + "name": "30234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30234" + }, + { + "name": "RHSA-2008:0270", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0270.html" + }, + { + "name": "SUSE-SR:2008:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" + }, + { + "name": "DSA-1591", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1591" + }, + { + "name": "FEDORA-2008-3910", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html" + }, + { + "name": "libvorbis-ogg-bo(42397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42397" + }, + { + "name": "FEDORA-2008-3898", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html" + }, + { + "name": "RHSA-2008:0271", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0271.html" + }, + { + "name": "1020029", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020029" + }, + { + "name": "USN-682-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-682-1" + }, + { + "name": "30237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30237" + }, + { + "name": "GLSA-200806-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200806-09.xml" + }, + { + "name": "oval:org.mitre.oval:def:10104", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104" + }, + { + "name": "30479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30479" + }, + { + "name": "29206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29206" + }, + { + "name": "30259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30259" + }, + { + "name": "ADV-2008-1510", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1510/references" + }, + { + "name": "30247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30247" + }, + { + "name": "30820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30820" + }, + { + "name": "FEDORA-2008-3934", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html" + }, + { + "name": "MDVSA-2008:102", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:102" + }, + { + "name": "32946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32946" + }, + { + "name": "30581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30581" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=440700", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440700" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1561.json b/2008/1xxx/CVE-2008-1561.json index 2e1cb815155..9db5eebcc93 100644 --- a/2008/1xxx/CVE-2008-1561.json +++ b/2008/1xxx/CVE-2008-1561.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080404 rPSA-2008-0138-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490487/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2008-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2008-02.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2418", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2418" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" - }, - { - "name" : "FEDORA-2008-2941", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html" - }, - { - "name" : "FEDORA-2008-3040", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html" - }, - { - "name" : "GLSA-200805-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-05.xml" - }, - { - "name" : "MDVSA-2008:091", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:091" - }, - { - "name" : "RHSA-2008:0890", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html" - }, - { - "name" : "SUSE-SR:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" - }, - { - "name" : "28485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28485" - }, - { - "name" : "oval:org.mitre.oval:def:9315", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9315" - }, - { - "name" : "oval:org.mitre.oval:def:15089", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15089" - }, - { - "name" : "ADV-2008-1007", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1007/references" - }, - { - "name" : "ADV-2008-2773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2773" - }, - { - "name" : "1019728", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019728" - }, - { - "name" : "29569", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29569" - }, - { - "name" : "29736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29736" - }, - { - "name" : "29622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29622" - }, - { - "name" : "29695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29695" - }, - { - "name" : "29971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29971" - }, - { - "name" : "32091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32091" - }, - { - "name" : "wireshark-roofnet-dissector-dos(41515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41515" - }, - { - "name" : "wireshark-x509sat-dissector-dos(41514)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29622" + }, + { + "name": "SUSE-SR:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" + }, + { + "name": "RHSA-2008:0890", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html" + }, + { + "name": "20080404 rPSA-2008-0138-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490487/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:15089", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15089" + }, + { + "name": "FEDORA-2008-3040", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html" + }, + { + "name": "29695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29695" + }, + { + "name": "MDVSA-2008:091", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:091" + }, + { + "name": "GLSA-200805-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-05.xml" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138" + }, + { + "name": "29971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29971" + }, + { + "name": "28485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28485" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" + }, + { + "name": "32091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32091" + }, + { + "name": "29736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29736" + }, + { + "name": "ADV-2008-2773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2773" + }, + { + "name": "1019728", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019728" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2008-02.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2008-02.html" + }, + { + "name": "wireshark-x509sat-dissector-dos(41514)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41514" + }, + { + "name": "ADV-2008-1007", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1007/references" + }, + { + "name": "29569", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29569" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2418", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2418" + }, + { + "name": "oval:org.mitre.oval:def:9315", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9315" + }, + { + "name": "wireshark-roofnet-dissector-dos(41515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41515" + }, + { + "name": "FEDORA-2008-2941", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4396.json b/2008/4xxx/CVE-2008-4396.json index 593448c01f2..aad9f8f4f40 100644 --- a/2008/4xxx/CVE-2008-4396.json +++ b/2008/4xxx/CVE-2008-4396.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.spybot.info/showthread.php?t=34737", - "refsource" : "MISC", - "url" : "http://forums.spybot.info/showthread.php?t=34737" - }, - { - "name" : "http://lostmon.blogspot.com/2008/09/filealyzer-1604-stak-overflow.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2008/09/filealyzer-1604-stak-overflow.html" - }, - { - "name" : "http://packetstormsecurity.org/0809-advisories/filealyzer-overflow.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0809-advisories/filealyzer-overflow.txt" - }, - { - "name" : "31474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31474" - }, - { - "name" : "filealyzer-versioninformation-bo(45516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "filealyzer-versioninformation-bo(45516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45516" + }, + { + "name": "http://packetstormsecurity.org/0809-advisories/filealyzer-overflow.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0809-advisories/filealyzer-overflow.txt" + }, + { + "name": "http://forums.spybot.info/showthread.php?t=34737", + "refsource": "MISC", + "url": "http://forums.spybot.info/showthread.php?t=34737" + }, + { + "name": "31474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31474" + }, + { + "name": "http://lostmon.blogspot.com/2008/09/filealyzer-1604-stak-overflow.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2008/09/filealyzer-1604-stak-overflow.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5039.json b/2008/5xxx/CVE-2008-5039.json index 468281e2df5..4b7311a62b7 100644 --- a/2008/5xxx/CVE-2008-5039.json +++ b/2008/5xxx/CVE-2008-5039.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081028 PHP-Nuke Module League (team&tid) XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497855/100/0/threaded" - }, - { - "name" : "31952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31952" - }, - { - "name" : "4575", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4575" - }, - { - "name" : "nukeleague-module-sql-injection(46154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31952" + }, + { + "name": "4575", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4575" + }, + { + "name": "nukeleague-module-sql-injection(46154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46154" + }, + { + "name": "20081028 PHP-Nuke Module League (team&tid) XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497855/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5741.json b/2008/5xxx/CVE-2008-5741.json index 091a2929d05..8cadd622486 100644 --- a/2008/5xxx/CVE-2008-5741.json +++ b/2008/5xxx/CVE-2008-5741.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5741", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5741", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3151.json b/2013/3xxx/CVE-2013-3151.json index 465609f3804..4a151b22835 100644 --- a/2013/3xxx/CVE-2013-3151.json +++ b/2013/3xxx/CVE-2013-3151.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3144 and CVE-2013-3163." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-055", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" - }, - { - "name" : "TA13-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" - }, - { - "name" : "oval:org.mitre.oval:def:17088", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3144 and CVE-2013-3163." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17088", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17088" + }, + { + "name": "MS13-055", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" + }, + { + "name": "TA13-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-190A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3158.json b/2013/3xxx/CVE-2013-3158.json index 57a303bd6ac..c97c7bacda4 100644 --- a/2013/3xxx/CVE-2013-3158.json +++ b/2013/3xxx/CVE-2013-3158.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-073", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18984", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-073", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073" + }, + { + "name": "oval:org.mitre.oval:def:18984", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18984" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4423.json b/2013/4xxx/CVE-2013-4423.json index 78ecaf7a1f7..6531b4ef56a 100644 --- a/2013/4xxx/CVE-2013-4423.json +++ b/2013/4xxx/CVE-2013-4423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4480.json b/2013/4xxx/CVE-2013-4480.json index 316a7f21474..99958710491 100644 --- a/2013/4xxx/CVE-2013-4480.json +++ b/2013/4xxx/CVE-2013-4480.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://access.redhat.com/site/articles/539283", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/site/articles/539283" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1024614", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1024614" - }, - { - "name" : "RHSA-2013:1513", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1513.html" - }, - { - "name" : "RHSA-2013:1514", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1514.html" - }, - { - "name" : "SUSE-SU-2013:1661", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:1661", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1024614", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1024614" + }, + { + "name": "RHSA-2013:1513", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1513.html" + }, + { + "name": "RHSA-2013:1514", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1514.html" + }, + { + "name": "https://access.redhat.com/site/articles/539283", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/site/articles/539283" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4694.json b/2013/4xxx/CVE-2013-4694.json index 3fb07dd6389..b9ea686884c 100644 --- a/2013/4xxx/CVE-2013-4694.json +++ b/2013/4xxx/CVE-2013-4694.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26558", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/26558" - }, - { - "name" : "20130701 [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jul/4" - }, - { - "name" : "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html" - }, - { - "name" : "http://packetstormsecurity.com/files/122978", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122978" - }, - { - "name" : "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695", - "refsource" : "MISC", - "url" : "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695" - }, - { - "name" : "http://forums.winamp.com/showthread.php?t=364291", - "refsource" : "CONFIRM", - "url" : "http://forums.winamp.com/showthread.php?t=364291" - }, - { - "name" : "60883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60883" - }, - { - "name" : "94739", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/94739" - }, - { - "name" : "94740", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/94740" - }, - { - "name" : "1030107", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030107" - }, - { - "name" : "winamp-cve20134694-bo(85399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130701 [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jul/4" + }, + { + "name": "26558", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/26558" + }, + { + "name": "http://forums.winamp.com/showthread.php?t=364291", + "refsource": "CONFIRM", + "url": "http://forums.winamp.com/showthread.php?t=364291" + }, + { + "name": "winamp-cve20134694-bo(85399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85399" + }, + { + "name": "94739", + "refsource": "OSVDB", + "url": "http://osvdb.org/94739" + }, + { + "name": "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html" + }, + { + "name": "94740", + "refsource": "OSVDB", + "url": "http://osvdb.org/94740" + }, + { + "name": "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695", + "refsource": "MISC", + "url": "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695" + }, + { + "name": "1030107", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030107" + }, + { + "name": "http://packetstormsecurity.com/files/122978", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122978" + }, + { + "name": "60883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60883" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6055.json b/2013/6xxx/CVE-2013-6055.json index 3e1ea292e43..d69ffac8f42 100644 --- a/2013/6xxx/CVE-2013-6055.json +++ b/2013/6xxx/CVE-2013-6055.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6055", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6055", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6411.json b/2013/6xxx/CVE-2013-6411.json index 47d1a9a1b17..7797d70b159 100644 --- a/2013/6xxx/CVE-2013-6411.json +++ b/2013/6xxx/CVE-2013-6411.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131129 Re: CVE request for OpenTTD", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/375" - }, - { - "name" : "http://bugs.openttd.org/task/5820", - "refsource" : "CONFIRM", - "url" : "http://bugs.openttd.org/task/5820" - }, - { - "name" : "http://vcs.openttd.org/svn/changeset/26134", - "refsource" : "CONFIRM", - "url" : "http://vcs.openttd.org/svn/changeset/26134" - }, - { - "name" : "https://security.openttd.org/en/CVE-2013-6411", - "refsource" : "CONFIRM", - "url" : "https://security.openttd.org/en/CVE-2013-6411" - }, - { - "name" : "openSUSE-SU-2013:1932", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00095.html" - }, - { - "name" : "64003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64003" - }, - { - "name" : "55589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55589" - }, - { - "name" : "56218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56218" - }, - { - "name" : "openttd-cve20136411-dos(89334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56218" + }, + { + "name": "64003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64003" + }, + { + "name": "openttd-cve20136411-dos(89334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89334" + }, + { + "name": "openSUSE-SU-2013:1932", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00095.html" + }, + { + "name": "55589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55589" + }, + { + "name": "http://vcs.openttd.org/svn/changeset/26134", + "refsource": "CONFIRM", + "url": "http://vcs.openttd.org/svn/changeset/26134" + }, + { + "name": "https://security.openttd.org/en/CVE-2013-6411", + "refsource": "CONFIRM", + "url": "https://security.openttd.org/en/CVE-2013-6411" + }, + { + "name": "[oss-security] 20131129 Re: CVE request for OpenTTD", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/375" + }, + { + "name": "http://bugs.openttd.org/task/5820", + "refsource": "CONFIRM", + "url": "http://bugs.openttd.org/task/5820" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7012.json b/2013/7xxx/CVE-2013-7012.json index 35f4e779bdb..7afa075ded6 100644 --- a/2013/7xxx/CVE-2013-7012.json +++ b/2013/7xxx/CVE-2013-7012.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/11/26/7" - }, - { - "name" : "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/12/08/3" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a" - }, - { - "name" : "https://trac.ffmpeg.org/ticket/3080", - "refsource" : "CONFIRM", - "url" : "https://trac.ffmpeg.org/ticket/3080" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/12/08/3" + }, + { + "name": "https://trac.ffmpeg.org/ticket/3080", + "refsource": "CONFIRM", + "url": "https://trac.ffmpeg.org/ticket/3080" + }, + { + "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/11/26/7" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7444.json b/2013/7xxx/CVE-2013-7444.json index dbba24819c6..4d31f330336 100644 --- a/2013/7xxx/CVE-2013-7444.json +++ b/2013/7xxx/CVE-2013-7444.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html" - }, - { - "name" : "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/12/6" - }, - { - "name" : "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/27/6" - }, - { - "name" : "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e", - "refsource" : "CONFIRM", - "url" : "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e" - }, - { - "name" : "https://phabricator.wikimedia.org/T48457", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T48457" - }, - { - "name" : "FEDORA-2015-13920", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6" + }, + { + "name": "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e", + "refsource": "CONFIRM", + "url": "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e" + }, + { + "name": "https://phabricator.wikimedia.org/T48457", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T48457" + }, + { + "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6" + }, + { + "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html" + }, + { + "name": "FEDORA-2015-13920", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10165.json b/2017/10xxx/CVE-2017-10165.json index a5812b70c5b..383e24194fc 100644 --- a/2017/10xxx/CVE-2017-10165.json +++ b/2017/10xxx/CVE-2017-10165.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.19 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.19 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0002/" - }, - { - "name" : "RHSA-2017:3442", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3442" - }, - { - "name" : "101424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101424" - }, - { - "name" : "1039597", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0002/" + }, + { + "name": "1039597", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039597" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101424" + }, + { + "name": "RHSA-2017:3442", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3442" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10693.json b/2017/10xxx/CVE-2017-10693.json index eb83469afb0..a5ea0786efd 100644 --- a/2017/10xxx/CVE-2017-10693.json +++ b/2017/10xxx/CVE-2017-10693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10693", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10693", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10879.json b/2017/10xxx/CVE-2017-10879.json index e6e4046b29b..d2766e6a419 100644 --- a/2017/10xxx/CVE-2017-10879.json +++ b/2017/10xxx/CVE-2017-10879.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10879", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10879", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12411.json b/2017/12xxx/CVE-2017-12411.json index 5fae48960a1..4ea598224ae 100644 --- a/2017/12xxx/CVE-2017-12411.json +++ b/2017/12xxx/CVE-2017-12411.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12411", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12411", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12975.json b/2017/12xxx/CVE-2017-12975.json index 5483a650a8c..d9476082814 100644 --- a/2017/12xxx/CVE-2017-12975.json +++ b/2017/12xxx/CVE-2017-12975.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12975", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12975", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13494.json b/2017/13xxx/CVE-2017-13494.json index 1faca965518..d9b5d9e32d1 100644 --- a/2017/13xxx/CVE-2017-13494.json +++ b/2017/13xxx/CVE-2017-13494.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13494", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13494", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13562.json b/2017/13xxx/CVE-2017-13562.json index 0ccd6c6d378..e3e283b67f0 100644 --- a/2017/13xxx/CVE-2017-13562.json +++ b/2017/13xxx/CVE-2017-13562.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13562", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13562", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13635.json b/2017/13xxx/CVE-2017-13635.json index 99f300360c5..d909a42b984 100644 --- a/2017/13xxx/CVE-2017-13635.json +++ b/2017/13xxx/CVE-2017-13635.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13635", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17125.json b/2017/17xxx/CVE-2017-17125.json index ee004a12d84..6db968b8e33 100644 --- a/2017/17xxx/CVE-2017-17125.json +++ b/2017/17xxx/CVE-2017-17125.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22443" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" - }, - { - "name" : "GLSA-201811-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22443" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" + }, + { + "name": "GLSA-201811-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-17" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17143.json b/2017/17xxx/CVE-2017-17143.json index 513b8d5e735..e2e37dbe852 100644 --- a/2017/17xxx/CVE-2017-17143.json +++ b/2017/17xxx/CVE-2017-17143.json @@ -1,351 +1,351 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-12-06T00:00:00", - "ID" : "CVE-2017-17143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981", - "version" : { - "version_data" : [ - { - "version_value" : "DP300 V500R002C00" - }, - { - "version_value" : "V500R002C00SPC100" - }, - { - "version_value" : "V500R002C00SPC200" - }, - { - "version_value" : "V500R002C00SPC300" - }, - { - "version_value" : "V500R002C00SPC400" - }, - { - "version_value" : "V500R002C00SPC500" - }, - { - "version_value" : "V500R002C00SPC600" - }, - { - "version_value" : "V500R002C00SPC800" - }, - { - "version_value" : "V500R002C00SPC900" - }, - { - "version_value" : "V500R002C00SPCa00" - }, - { - "version_value" : "RP200 V500R002C00SPC200" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "V600R006C00SPC200" - }, - { - "version_value" : "RSE6500 V500R002C00SPC100" - }, - { - "version_value" : "V500R002C00SPC200" - }, - { - "version_value" : "V500R002C00SPC300" - }, - { - "version_value" : "V500R002C00SPC300T" - }, - { - "version_value" : "V500R002C00SPC500" - }, - { - "version_value" : "V500R002C00SPC600" - }, - { - "version_value" : "V500R002C00SPC700" - }, - { - "version_value" : "V500R002C00T" - }, - { - "version_value" : "TE30 V100R001C10" - }, - { - "version_value" : "V100R001C10SPC100" - }, - { - "version_value" : "V100R001C10SPC200B010" - }, - { - "version_value" : "V100R001C10SPC300" - }, - { - "version_value" : "V100R001C10SPC500" - }, - { - "version_value" : "V100R001C10SPC600" - }, - { - "version_value" : "V100R001C10SPC700B010" - }, - { - "version_value" : "V100R001C10SPC800" - }, - { - "version_value" : "V500R002C00SPC200" - }, - { - "version_value" : "V500R002C00SPC500" - }, - { - "version_value" : "V500R002C00SPC600" - }, - { - "version_value" : "V500R002C00SPC700" - }, - { - "version_value" : "V500R002C00SPC900" - }, - { - "version_value" : "V500R002C00SPCb00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "TE40 V500R002C00SPC600" - }, - { - "version_value" : "V500R002C00SPC700" - }, - { - "version_value" : "V500R002C00SPC900" - }, - { - "version_value" : "V500R002C00SPCb00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "V600R006C00SPC200" - }, - { - "version_value" : "TE50 V500R002C00SPC600" - }, - { - "version_value" : "V500R002C00SPC700" - }, - { - "version_value" : "V500R002C00SPCb00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "V600R006C00SPC200" - }, - { - "version_value" : "TE60 V100R001C01SPC100" - }, - { - "version_value" : "V100R001C01SPC107TB010" - }, - { - "version_value" : "V100R001C10" - }, - { - "version_value" : "V100R001C10SPC300" - }, - { - "version_value" : "V100R001C10SPC400" - }, - { - "version_value" : "V100R001C10SPC500" - }, - { - "version_value" : "V100R001C10SPC600" - }, - { - "version_value" : "V100R001C10SPC700" - }, - { - "version_value" : "V100R001C10SPC800" - }, - { - "version_value" : "V100R001C10SPC900" - }, - { - "version_value" : "V500R002C00" - }, - { - "version_value" : "V500R002C00SPC100" - }, - { - "version_value" : "V500R002C00SPC200" - }, - { - "version_value" : "V500R002C00SPC300" - }, - { - "version_value" : "V500R002C00SPC600" - }, - { - "version_value" : "V500R002C00SPC700" - }, - { - "version_value" : "V500R002C00SPC800" - }, - { - "version_value" : "V500R002C00SPC900" - }, - { - "version_value" : "V500R002C00SPCa00" - }, - { - "version_value" : "V500R002C00SPCb00" - }, - { - "version_value" : "V500R002C00SPCd00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "V600R006C00SPC100" - }, - { - "version_value" : "V600R006C00SPC200" - }, - { - "version_value" : "V600R006C00SPC300" - }, - { - "version_value" : "TP3106 V100R002C00" - }, - { - "version_value" : "V100R002C00SPC200" - }, - { - "version_value" : "V100R002C00SPC400" - }, - { - "version_value" : "V100R002C00SPC600" - }, - { - "version_value" : "V100R002C00SPC700" - }, - { - "version_value" : "V100R002C00SPC800" - }, - { - "version_value" : "TP3206 V100R002C00" - }, - { - "version_value" : "V100R002C00SPC200" - }, - { - "version_value" : "V100R002C00SPC400" - }, - { - "version_value" : "V100R002C00SPC600" - }, - { - "version_value" : "V100R002C00SPC700" - }, - { - "version_value" : "V100R002C10" - }, - { - "version_value" : "ViewPoint 9030 V100R011C02SPC100" - }, - { - "version_value" : "V100R011C03B012SP15" - }, - { - "version_value" : "V100R011C03B012SP16" - }, - { - "version_value" : "V100R011C03B015SP03" - }, - { - "version_value" : "V100R011C03LGWL01SPC100" - }, - { - "version_value" : "V100R011C03SPC100" - }, - { - "version_value" : "V100R011C03SPC200" - }, - { - "version_value" : "V100R011C03SPC300" - }, - { - "version_value" : "V100R011C03SPC400" - }, - { - "version_value" : "V100R011C03SPC500" - }, - { - "version_value" : "eSpace U1960 V200R003C30SPC200" - }, - { - "version_value" : "eSpace U1981 V100R001C20SPC700" - }, - { - "version_value" : "V200R003C20SPCa00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that the module cannot parse a malformed SIP message when validating variables. Attacker can exploit it to make one process reboot at random." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-12-06T00:00:00", + "ID": "CVE-2017-17143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981", + "version": { + "version_data": [ + { + "version_value": "DP300 V500R002C00" + }, + { + "version_value": "V500R002C00SPC100" + }, + { + "version_value": "V500R002C00SPC200" + }, + { + "version_value": "V500R002C00SPC300" + }, + { + "version_value": "V500R002C00SPC400" + }, + { + "version_value": "V500R002C00SPC500" + }, + { + "version_value": "V500R002C00SPC600" + }, + { + "version_value": "V500R002C00SPC800" + }, + { + "version_value": "V500R002C00SPC900" + }, + { + "version_value": "V500R002C00SPCa00" + }, + { + "version_value": "RP200 V500R002C00SPC200" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V600R006C00SPC200" + }, + { + "version_value": "RSE6500 V500R002C00SPC100" + }, + { + "version_value": "V500R002C00SPC200" + }, + { + "version_value": "V500R002C00SPC300" + }, + { + "version_value": "V500R002C00SPC300T" + }, + { + "version_value": "V500R002C00SPC500" + }, + { + "version_value": "V500R002C00SPC600" + }, + { + "version_value": "V500R002C00SPC700" + }, + { + "version_value": "V500R002C00T" + }, + { + "version_value": "TE30 V100R001C10" + }, + { + "version_value": "V100R001C10SPC100" + }, + { + "version_value": "V100R001C10SPC200B010" + }, + { + "version_value": "V100R001C10SPC300" + }, + { + "version_value": "V100R001C10SPC500" + }, + { + "version_value": "V100R001C10SPC600" + }, + { + "version_value": "V100R001C10SPC700B010" + }, + { + "version_value": "V100R001C10SPC800" + }, + { + "version_value": "V500R002C00SPC200" + }, + { + "version_value": "V500R002C00SPC500" + }, + { + "version_value": "V500R002C00SPC600" + }, + { + "version_value": "V500R002C00SPC700" + }, + { + "version_value": "V500R002C00SPC900" + }, + { + "version_value": "V500R002C00SPCb00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "TE40 V500R002C00SPC600" + }, + { + "version_value": "V500R002C00SPC700" + }, + { + "version_value": "V500R002C00SPC900" + }, + { + "version_value": "V500R002C00SPCb00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V600R006C00SPC200" + }, + { + "version_value": "TE50 V500R002C00SPC600" + }, + { + "version_value": "V500R002C00SPC700" + }, + { + "version_value": "V500R002C00SPCb00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V600R006C00SPC200" + }, + { + "version_value": "TE60 V100R001C01SPC100" + }, + { + "version_value": "V100R001C01SPC107TB010" + }, + { + "version_value": "V100R001C10" + }, + { + "version_value": "V100R001C10SPC300" + }, + { + "version_value": "V100R001C10SPC400" + }, + { + "version_value": "V100R001C10SPC500" + }, + { + "version_value": "V100R001C10SPC600" + }, + { + "version_value": "V100R001C10SPC700" + }, + { + "version_value": "V100R001C10SPC800" + }, + { + "version_value": "V100R001C10SPC900" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "V500R002C00SPC100" + }, + { + "version_value": "V500R002C00SPC200" + }, + { + "version_value": "V500R002C00SPC300" + }, + { + "version_value": "V500R002C00SPC600" + }, + { + "version_value": "V500R002C00SPC700" + }, + { + "version_value": "V500R002C00SPC800" + }, + { + "version_value": "V500R002C00SPC900" + }, + { + "version_value": "V500R002C00SPCa00" + }, + { + "version_value": "V500R002C00SPCb00" + }, + { + "version_value": "V500R002C00SPCd00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V600R006C00SPC100" + }, + { + "version_value": "V600R006C00SPC200" + }, + { + "version_value": "V600R006C00SPC300" + }, + { + "version_value": "TP3106 V100R002C00" + }, + { + "version_value": "V100R002C00SPC200" + }, + { + "version_value": "V100R002C00SPC400" + }, + { + "version_value": "V100R002C00SPC600" + }, + { + "version_value": "V100R002C00SPC700" + }, + { + "version_value": "V100R002C00SPC800" + }, + { + "version_value": "TP3206 V100R002C00" + }, + { + "version_value": "V100R002C00SPC200" + }, + { + "version_value": "V100R002C00SPC400" + }, + { + "version_value": "V100R002C00SPC600" + }, + { + "version_value": "V100R002C00SPC700" + }, + { + "version_value": "V100R002C10" + }, + { + "version_value": "ViewPoint 9030 V100R011C02SPC100" + }, + { + "version_value": "V100R011C03B012SP15" + }, + { + "version_value": "V100R011C03B012SP16" + }, + { + "version_value": "V100R011C03B015SP03" + }, + { + "version_value": "V100R011C03LGWL01SPC100" + }, + { + "version_value": "V100R011C03SPC100" + }, + { + "version_value": "V100R011C03SPC200" + }, + { + "version_value": "V100R011C03SPC300" + }, + { + "version_value": "V100R011C03SPC400" + }, + { + "version_value": "V100R011C03SPC500" + }, + { + "version_value": "eSpace U1960 V200R003C30SPC200" + }, + { + "version_value": "eSpace U1981 V100R001C20SPC700" + }, + { + "version_value": "V200R003C20SPCa00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that the module cannot parse a malformed SIP message when validating variables. Attacker can exploit it to make one process reboot at random." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17307.json b/2017/17xxx/CVE-2017-17307.json index 44bde1b52a4..9ffff8b8a3d 100644 --- a/2017/17xxx/CVE-2017-17307.json +++ b/2017/17xxx/CVE-2017-17307.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VNS-L21", - "version" : { - "version_data" : [ - { - "version_value" : "VNS-L21AUTC555B141" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an out-of-bounds read vulnerability. Due to the lack string terminator of string, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds and possibly cause the device abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VNS-L21", + "version": { + "version_data": [ + { + "version_value": "VNS-L21AUTC555B141" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-read-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-read-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an out-of-bounds read vulnerability. Due to the lack string terminator of string, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds and possibly cause the device abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-read-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-read-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0190.json b/2018/0xxx/CVE-2018-0190.json index 452e3321eab..a96878a4d45 100644 --- a/2018/0xxx/CVE-2018-0190.json +++ b/2018/0xxx/CVE-2018-0190.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss" - }, - { - "name" : "103551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103551" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0813.json b/2018/0xxx/CVE-2018-0813.json index 0067418cf37..3939a0294e8 100644 --- a/2018/0xxx/CVE-2018-0813.json +++ b/2018/0xxx/CVE-2018-0813.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows kernel", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0813", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0813" - }, - { - "name" : "103250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103250" - }, - { - "name" : "1040517", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103250" + }, + { + "name": "1040517", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040517" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0813", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0813" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18220.json b/2018/18xxx/CVE-2018-18220.json index 46df959983f..eeb2853463a 100644 --- a/2018/18xxx/CVE-2018-18220.json +++ b/2018/18xxx/CVE-2018-18220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18220", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18220", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18266.json b/2018/18xxx/CVE-2018-18266.json index ffcb2d7f644..70fe85cbb9f 100644 --- a/2018/18xxx/CVE-2018-18266.json +++ b/2018/18xxx/CVE-2018-18266.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18266", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18266", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18983.json b/2018/18xxx/CVE-2018-18983.json index c4d79b232d2..66477467c17 100644 --- a/2018/18xxx/CVE-2018-18983.json +++ b/2018/18xxx/CVE-2018-18983.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-18983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-18983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01" - }, - { - "name" : "106071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106071" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19034.json b/2018/19xxx/CVE-2018-19034.json index 65f5c157b6e..63b7c9f24c7 100644 --- a/2018/19xxx/CVE-2018-19034.json +++ b/2018/19xxx/CVE-2018-19034.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19034", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19034", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19220.json b/2018/19xxx/CVE-2018-19220.json index 8ce8cdfad43..f2ed449a442 100644 --- a/2018/19xxx/CVE-2018-19220.json +++ b/2018/19xxx/CVE-2018-19220.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#getshell", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#getshell" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#getshell", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#getshell" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19322.json b/2018/19xxx/CVE-2018-19322.json index 419811b3863..a16db3460e0 100644 --- a/2018/19xxx/CVE-2018-19322.json +++ b/2018/19xxx/CVE-2018-19322.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/39" - }, - { - "name" : "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities" - }, - { - "name" : "106252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/39" + }, + { + "name": "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities", + "refsource": "MISC", + "url": "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities" + }, + { + "name": "106252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106252" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19711.json b/2018/19xxx/CVE-2018-19711.json index 42f0047c44e..56442349a1f 100644 --- a/2018/19xxx/CVE-2018-19711.json +++ b/2018/19xxx/CVE-2018-19711.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-19711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-19711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1299.json b/2018/1xxx/CVE-2018-1299.json index 885b9b9c333..06837379534 100644 --- a/2018/1xxx/CVE-2018-1299.json +++ b/2018/1xxx/CVE-2018-1299.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-02-06T00:00:00", - "ID" : "CVE-2018-1299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Allura", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0 to 1.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-02-06T00:00:00", + "ID": "CVE-2018-1299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Allura", + "version": { + "version_data": [ + { + "version_value": "1.0.0 to 1.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20180206 [SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/b52069073cf3cb0f84c9e1e2b34d411fc163af39e4f3e50712ac8a4d@%3Cdev.allura.apache.org%3E" - }, - { - "name" : "https://allura.apache.org/posts/2018-allura-1.8.0.html", - "refsource" : "CONFIRM", - "url" : "https://allura.apache.org/posts/2018-allura-1.8.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://allura.apache.org/posts/2018-allura-1.8.0.html", + "refsource": "CONFIRM", + "url": "https://allura.apache.org/posts/2018-allura-1.8.0.html" + }, + { + "name": "[dev] 20180206 [SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/b52069073cf3cb0f84c9e1e2b34d411fc163af39e4f3e50712ac8a4d@%3Cdev.allura.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1612.json b/2018/1xxx/CVE-2018-1612.json index e64bf289001..2f17dedf045 100644 --- a/2018/1xxx/CVE-2018-1612.json +++ b/2018/1xxx/CVE-2018-1612.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-06T00:00:00", - "ID" : "CVE-2018-1612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "N", - "S" : "C", - "SCORE" : "5.800", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-06T00:00:00", + "ID": "CVE-2018-1612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45005", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45005/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22017062", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22017062" - }, - { - "name" : "ibm-qradar-cve20181612-info-disc(144164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "N", + "PR": "N", + "S": "C", + "SCORE": "5.800", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22017062", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22017062" + }, + { + "name": "45005", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45005/" + }, + { + "name": "ibm-qradar-cve20181612-info-disc(144164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144164" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1691.json b/2018/1xxx/CVE-2018-1691.json index 14ef91fdfdb..e788f8ea47e 100644 --- a/2018/1xxx/CVE-2018-1691.json +++ b/2018/1xxx/CVE-2018-1691.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-1691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "5.01" - }, - { - "version_value" : "5.02" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145582." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-1691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "5.01" + }, + { + "version_value": "5.02" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078" - }, - { - "name" : "ibm-rqm-cve20181691-xss(145582)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145582." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20181691-xss(145582)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145582" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733078", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733078" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5899.json b/2018/5xxx/CVE-2018-5899.json index 44687a747a2..0d093d5b16a 100644 --- a/2018/5xxx/CVE-2018-5899.json +++ b/2018/5xxx/CVE-2018-5899.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-05T00:00:00", - "ID" : "CVE-2018-5899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-06-05T00:00:00", + "ID": "CVE-2018-5899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" + } + ] + } +} \ No newline at end of file