diff --git a/2008/0xxx/CVE-2008-0374.json b/2008/0xxx/CVE-2008-0374.json index 7a4c6c10445..cb725d1d9b9 100644 --- a/2008/0xxx/CVE-2008-0374.json +++ b/2008/0xxx/CVE-2008-0374.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080117 [CSNC] OKI C5510MFP Printer Password Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486511/100/0/threaded" - }, - { - "name" : "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html", - "refsource" : "MISC", - "url" : "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html" - }, - { - "name" : "27339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27339" - }, - { - "name" : "28553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28553" - }, - { - "name" : "3569", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3569" - }, - { - "name" : 
"c5510mfp-configuration-info-disclosure(39775)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27339" + }, + { + "name": "20080117 [CSNC] OKI C5510MFP Printer Password Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486511/100/0/threaded" + }, + { + "name": "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html", + "refsource": "MISC", + "url": "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html" + }, + { + "name": "28553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28553" + }, + { + "name": "c5510mfp-configuration-info-disclosure(39775)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39775" + }, + { + "name": "3569", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3569" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0501.json b/2008/0xxx/CVE-2008-0501.json index 5e47eb6a7b8..356475cd36e 100644 --- a/2008/0xxx/CVE-2008-0501.json +++ b/2008/0xxx/CVE-2008-0501.json 
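Review bot: The new side of this file ends with `\ No newline at end of file`, so the reformat drops the trailing newline that the old side had. The same marker closes every other file section in this diff (CVE-2008-0501, -0542, -0810, -1165, -3667, -3790, -4031). Emit the final `}` followed by a newline so line-oriented tools and later diffs stay clean. The `reference_data` entries are also reordered here (BID now precedes BUGTRAQ, SREASON moves last) with no visible sort key. If order carries no meaning, a stable order such as sorting by `refsource` then `name` would keep future diffs limited to real content changes.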
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5000", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5000" - }, - { - "name" : "27480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27480" - }, - { - "name" : "ADV-2008-0350", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0350" - }, - { - "name" : "phpmyclub-pagecourante-file-include(40007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to 
include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5000", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5000" + }, + { + "name": "27480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27480" + }, + { + "name": "ADV-2008-0350", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0350" + }, + { + "name": "phpmyclub-pagecourante-file-include(40007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40007" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0542.json b/2008/0xxx/CVE-2008-0542.json index b69b497a844..cfb8f8efed3 100644 --- a/2008/0xxx/CVE-2008-0542.json +++ b/2008/0xxx/CVE-2008-0542.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4989", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4989" - }, - { - "name" : "27463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27463" - }, - { - "name" : "28681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28681" - }, - { - "name" : "simpleforum-thumbnail-directory-traversal(39980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read 
arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28681" + }, + { + "name": "simpleforum-thumbnail-directory-traversal(39980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39980" + }, + { + "name": "4989", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4989" + }, + { + "name": "27463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27463" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0810.json b/2008/0xxx/CVE-2008-0810.json index e330f2d7570..cc33771f11c 100644 --- a/2008/0xxx/CVE-2008-0810.json +++ b/2008/0xxx/CVE-2008-0810.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080216 joomla SQL Injection( com_scheduling)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488269/100/0/threaded" - }, - { - "name" : "27830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27830" - }, - { - "name" : "3662", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3662", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3662" + }, + { + "name": "27830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27830" + }, + { + "name": "20080216 joomla SQL Injection( com_scheduling)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488269/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1165.json b/2008/1xxx/CVE-2008-1165.json index b86fd8c52a6..061b372cc8e 100644 --- a/2008/1xxx/CVE-2008-1165.json +++ b/2008/1xxx/CVE-2008-1165.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://flyspray.org/fsa:3", - "refsource" : "CONFIRM", - "url" : "http://flyspray.org/fsa:3" - }, - { - "name" : "29215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29215" - }, - { - "name" : "flyspray-itemsummary-xss(40963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://flyspray.org/fsa:3", + "refsource": "CONFIRM", + "url": "http://flyspray.org/fsa:3" + }, + { + "name": "29215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29215" + }, + { + "name": "flyspray-itemsummary-xss(40963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40963" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3667.json b/2008/3xxx/CVE-2008-3667.json index b81ee58042d..c5f1508befe 100644 --- a/2008/3xxx/CVE-2008-3667.json +++ b/2008/3xxx/CVE-2008-3667.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30617-poc.pl", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30617-poc.pl" - }, - { - "name" : "30617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30617" - }, - { - "name" : "maxthonbrowser-contenttype-bo(44381)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30617-poc.pl", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30617-poc.pl" + }, + { + "name": "30617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30617" + }, + { + "name": "maxthonbrowser-contenttype-bo(44381)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44381" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3790.json b/2008/3xxx/CVE-2008-3790.json index 37e6e56677e..8418de3cd0a 100644 --- a/2008/3xxx/CVE-2008-3790.json +++ b/2008/3xxx/CVE-2008-3790.json 
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an \"XML entity explosion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080825 CVE Request (ruby)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/25/4" - }, - { - "name" : "[oss-security] 20080826 Re: CVE Request (ruby)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/26/1" - }, - { - "name" : "[oss-security] 20080826 Re: CVE Request (ruby)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/26/4" - }, - { - "name" : "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca", - "refsource" : "MISC", - "url" : 
"http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca" - }, - { - "name" : "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/" - }, - { - "name" : "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb" - }, - { - "name" : "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "DSA-1651", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1651" - }, - { - "name" : "DSA-1652", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1652" - }, - { - "name" : "FEDORA-2008-8736", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html" - }, - { - "name" : "FEDORA-2008-8738", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html" - }, - { - "name" : "GLSA-200812-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml" - }, - { - "name" : "RHSA-2008:0897", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0897.html" - 
}, - { - "name" : "USN-691-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/691-1/" - }, - { - "name" : "USN-651-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/651-1/" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "30802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30802" - }, - { - "name" : "oval:org.mitre.oval:def:10393", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2008-2483", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2483" - }, - { - "name" : "ADV-2008-2428", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2428" - }, - { - "name" : "1020735", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020735" - }, - { - "name" : "31602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31602" - }, - { - "name" : "32255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32255" - }, - { - "name" : "32256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32256" - }, - { - "name" : "33178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33178" - }, - { - "name" : "33185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33185" - }, - { - "name" : "32165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32165" - }, - { - "name" : "32219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32219" - }, - { - "name" : "32371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32371" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "ruby-rexml-dos(44628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an \"XML entity explosion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-651-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/651-1/" + }, + { + "name": "33185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33185" + }, + { + "name": "oval:org.mitre.oval:def:10393", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb" + }, + { + "name": "1020735", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020735" + }, + { + "name": "DSA-1652", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1652" + }, + { + "name": "FEDORA-2008-8736", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html" + }, + { + "name": "ADV-2008-2428", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2428" 
+ }, + { + "name": "ruby-rexml-dos(44628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44628" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "[oss-security] 20080826 Re: CVE Request (ruby)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/26/4" + }, + { + "name": "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm" + }, + { + "name": "DSA-1651", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1651" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/" + }, + { + "name": "RHSA-2008:0897", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html" + }, + { + "name": "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca", + "refsource": "MISC", + "url": "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca" + }, + { + "name": "[oss-security] 20080825 CVE Request (ruby)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/25/4" + }, + { + "name": "32219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32219" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": 
"http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "32255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32255" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "30802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30802" + }, + { + "name": "USN-691-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/691-1/" + }, + { + "name": "[oss-security] 20080826 Re: CVE Request (ruby)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/26/1" + }, + { + "name": "32371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32371" + }, + { + "name": "32165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32165" + }, + { + "name": "GLSA-200812-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" + }, + { + "name": "33178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33178" + }, + { + "name": "FEDORA-2008-8738", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html" + }, + { + "name": "32256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32256" + }, + { + "name": "31602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31602" + }, + { + "name": "ADV-2008-2483", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2483" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4031.json b/2008/4xxx/CVE-2008-4031.json index 328de6ce83a..8eb784fd97d 100644 --- a/2008/4xxx/CVE-2008-4031.json +++ b/2008/4xxx/CVE-2008-4031.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka \"Word RTF Object Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-4031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS08-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072" - }, - { - "name" : "TA08-344A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" - }, - { - "name" : "oval:org.mitre.oval:def:5952", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5952" - }, - { - "name" : "ADV-2008-3384", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3384" - }, - { - "name" : "1021370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka \"Word RTF Object Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5952", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5952" + }, + { + "name": "MS08-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072" + }, + { + "name": "1021370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021370" + }, + { + "name": "TA08-344A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" + }, + { + "name": "ADV-2008-3384", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3384" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/4xxx/CVE-2008-4211.json b/2008/4xxx/CVE-2008-4211.json
index 9bd8b7406ef..90f99df87c8 100644
--- a/2008/4xxx/CVE-2008-4211.json
+++ b/2008/4xxx/CVE-2008-4211.json
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to \"handling of columns.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3216", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3216" - }, - { - "name" : "http://support.apple.com/kb/HT3318", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3318" - }, - { - "name" : "APPLE-SA-2008-10-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2008-11-20", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html" - }, - { - "name" : "31681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31681" - }, - { - "name" : "31707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31707" - }, - { - "name" : "ADV-2008-2780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2780" - }, - { - "name" : "ADV-2008-3232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3232" - }, - { - "name" : "1021027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021027" - }, - { - "name" : "32222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32222" - }, - { - "name" : "32756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32756" - }, - { - "name" : "macosx-quicklook2-code-execution(45784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to \"handling of columns.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31681" + }, + { + "name": "APPLE-SA-2008-11-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html" + }, 
+ { + "name": "macosx-quicklook2-code-execution(45784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45784" + }, + { + "name": "ADV-2008-3232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3232" + }, + { + "name": "31707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31707" + }, + { + "name": "32222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32222" + }, + { + "name": "1021027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021027" + }, + { + "name": "http://support.apple.com/kb/HT3318", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3318" + }, + { + "name": "ADV-2008-2780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2780" + }, + { + "name": "APPLE-SA-2008-10-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3216", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3216" + }, + { + "name": "32756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32756" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4257.json b/2008/4xxx/CVE-2008-4257.json index a93af5ca2ea..aa833aaf3e8 100644 --- a/2008/4xxx/CVE-2008-4257.json +++ b/2008/4xxx/CVE-2008-4257.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4257",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2008-4257",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/4xxx/CVE-2008-4415.json b/2008/4xxx/CVE-2008-4415.json
index 58b2c4aea4f..a0979980a1d 100644
--- a/2008/4xxx/CVE-2008-4415.json
+++ b/2008/4xxx/CVE-2008-4415.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02385", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122652356130271&w=2" - }, - { - "name" : "SSRT080161", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122652356130271&w=2" - }, - { - "name" : "32272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32272" - }, - { - "name" : "49831", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49831" - }, - { - "name" : "1021171", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021171" - }, - { - "name" : "32712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32712" - }, - { - "name" : "4601", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4601" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT080161", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122652356130271&w=2" + }, + { + "name": "32272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32272" + }, + { + "name": "32712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32712" + }, + { + "name": "HPSBMA02385", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122652356130271&w=2" + }, + { + "name": "1021171", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021171" + }, + { + "name": "4601", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4601" + }, + { + "name": "49831", + "refsource": "OSVDB", + "url": "http://osvdb.org/49831" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2292.json b/2013/2xxx/CVE-2013-2292.json index 63772f6f048..7d81bf4c220 100644 --- a/2013/2xxx/CVE-2013-2292.json +++ b/2013/2xxx/CVE-2013-2292.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bitcointalk.org/?topic=140078", - "refsource" : "CONFIRM", - "url" : "https://bitcointalk.org/?topic=140078" - }, - { - "name" : "https://en.bitcoin.it/wiki/CVEs", - "refsource" : "CONFIRM", - "url" : "https://en.bitcoin.it/wiki/CVEs" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://en.bitcoin.it/wiki/CVEs", + "refsource": "CONFIRM", + "url": "https://en.bitcoin.it/wiki/CVEs" + }, + { + "name": "https://bitcointalk.org/?topic=140078", + "refsource": "CONFIRM", + "url": "https://bitcointalk.org/?topic=140078" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2837.json b/2013/2xxx/CVE-2013-2837.json index 22494a224c7..89e0e48e3cc 100644 --- a/2013/2xxx/CVE-2013-2837.json +++ b/2013/2xxx/CVE-2013-2837.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=235638", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=235638" - }, - { - "name" : "DSA-2695", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2695" - }, - { - "name" : "oval:org.mitre.oval:def:16250", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16250" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=235638", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=235638" + }, + { + "name": "DSA-2695", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2695" + }, + { + "name": "oval:org.mitre.oval:def:16250", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16250" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2848.json b/2013/2xxx/CVE-2013-2848.json index b125ddcfbe6..f4a3dc03f22 100644 --- a/2013/2xxx/CVE-2013-2848.json +++ b/2013/2xxx/CVE-2013-2848.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=176137", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=176137" - }, - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "APPLE-SA-2013-10-22-2", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" - }, - { - "name" : "DSA-2695", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2695" - }, - { - "name" : "oval:org.mitre.oval:def:15849", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15849" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2695", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2695" + }, + { + "name": "oval:org.mitre.oval:def:15849", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15849" + }, + { + "name": "APPLE-SA-2013-10-22-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=176137", + "refsource": "CONFIRM", + "url": 
"https://code.google.com/p/chromium/issues/detail?id=176137" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3499.json b/2013/3xxx/CVE-2013-3499.json index 985d47586d4..c1b86856f07 100644 --- a/2013/3xxx/CVE-2013-3499.json +++ b/2013/3xxx/CVE-2013-3499.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls", - "refsource" : "MISC", - "url" : "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt" - }, - { - "name" : "VU#345260", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/345260" - }, - { - "name" : "58404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58404" + }, + { + "name": "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls", + "refsource": "MISC", + "url": "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt" + }, + { + "name": "VU#345260", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/345260" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3897.json b/2013/3xxx/CVE-2013-3897.json index 67a2833deea..14f6c9590af 100644 --- a/2013/3xxx/CVE-2013-3897.json +++ b/2013/3xxx/CVE-2013-3897.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx" - }, - { - "name" : "MS13-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080" - }, - { - "name" : "TA13-288A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/ncas/alerts/TA13-288A" - }, - { - "name" : "oval:org.mitre.oval:def:18989", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx" + }, + { + "name": "TA13-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A" + }, + { + "name": "MS13-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080" + }, + { + "name": "oval:org.mitre.oval:def:18989", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18989" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6152.json b/2013/6xxx/CVE-2013-6152.json index 5ab08b59718..fd1abf83159 100644 --- a/2013/6xxx/CVE-2013-6152.json +++ b/2013/6xxx/CVE-2013-6152.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6152", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6152", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6815.json b/2013/6xxx/CVE-2013-6815.json index ac6605304ea..e133946d665 100644 --- a/2013/6xxx/CVE-2013-6815.json +++ b/2013/6xxx/CVE-2013-6815.json 
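Review bot: The new side of this record writes its keys in a different order from the other records in the diff: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and inside it `ID` precedes `ASSIGNER`, whereas the neighbouring files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON key order carries no meaning, so parsers are unaffected. The mismatch does suggest this file went through a different writer than the rest, and any consumer that hashes or compares the raw bytes of a record will see a content change where there is none. Emitting every record with one fixed or sorted key order would keep bulk rewrites like this byte-stable.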
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1890819", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1890819" - }, - { - "name" : "55620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://service.sap.com/sap/support/notes/1890819", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1890819" + }, + { + "name": "55620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55620" + }, + { + "name": "https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7094.json b/2013/7xxx/CVE-2013-7094.json index 5dcf89eb537..e8b0c49010b 100644 --- a/2013/7xxx/CVE-2013-7094.json +++ b/2013/7xxx/CVE-2013-7094.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection/" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1836718", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1836718" - }, - { - "name" : "64232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64232" - }, - { - "name" : "56061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56061" - }, 
- { - "name" : "netweaver-rsddcvercounttabcols-sql-inject(89603)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection/" + }, + { + "name": "https://service.sap.com/sap/support/notes/1836718", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1836718" + }, + { + "name": "netweaver-rsddcvercounttabcols-sql-inject(89603)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89603" + }, + { + "name": "56061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56061" + }, + { + "name": "64232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64232" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7171.json b/2013/7xxx/CVE-2013-7171.json index 805f29b6d72..06ad254b6ce 100644 --- a/2013/7xxx/CVE-2013-7171.json +++ b/2013/7xxx/CVE-2013-7171.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7171", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7171", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10081.json b/2017/10xxx/CVE-2017-10081.json index 7757b459abd..8cd4e8191e3 100644 --- a/2017/10xxx/CVE-2017-10081.json +++ b/2017/10xxx/CVE-2017-10081.json 
@@ -1,126 +1,126 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u151" - }, - { - "version_affected" : "=", - "version_value" : "7u141" - }, - { - "version_affected" : "=", - "version_value" : "8u131; Java SE Embedded: 8u131" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u151" + }, + { + "version_affected": "=", + "version_value": "7u141" + }, + { + "version_affected": "=", + "version_value": "8u131; Java SE Embedded: 8u131" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170720-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170720-0001/" - }, - { - "name" : "DSA-3919", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3919" - }, - { - "name" : "DSA-3954", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3954" - }, - { - "name" : "GLSA-201709-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-22" - }, - { - "name" : "RHSA-2017:1789", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1789" - }, - { - "name" : 
"RHSA-2017:1790", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1790" - }, - { - "name" : "RHSA-2017:1791", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1791" - }, - { - "name" : "RHSA-2017:1792", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1792" - }, - { - "name" : "RHSA-2017:2424", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2424" - }, - { - "name" : "99853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99853" - }, - { - "name" : "1038931", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1791", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1791" + }, + { + "name": "RHSA-2017:1790", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1790" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" + }, + { + "name": "RHSA-2017:1789", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1789" + }, + { + "name": "RHSA-2017:2424", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2424" + }, + { + "name": "1038931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038931" + }, + { + "name": "99853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99853" + }, + { + "name": "RHSA-2017:1792", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1792" + }, + { + "name": "GLSA-201709-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-22" + }, + { + "name": "DSA-3919", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3919" + }, + { + "name": "DSA-3954", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3954" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": 
"CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10175.json b/2017/10xxx/CVE-2017-10175.json index a67264567d2..78f941eb4bd 100644 --- a/2017/10xxx/CVE-2017-10175.json +++ b/2017/10xxx/CVE-2017-10175.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iSupport", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupport accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99717" - }, - { - "name" : "1038926", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99717" + }, + { + "name": "1038926", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038926" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10394.json b/2017/10xxx/CVE-2017-10394.json index fa799dc8c84..df9f8d651fe 100644 --- a/2017/10xxx/CVE-2017-10394.json +++ b/2017/10xxx/CVE-2017-10394.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101474" - }, - { - "name" : "1039598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039598" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101474" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10527.json b/2017/10xxx/CVE-2017-10527.json index a8b21eb2ce3..35c515d6279 100644 --- a/2017/10xxx/CVE-2017-10527.json +++ b/2017/10xxx/CVE-2017-10527.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10775.json b/2017/10xxx/CVE-2017-10775.json index d332212a984..7638af54a69 100644 --- a/2017/10xxx/CVE-2017-10775.json +++ b/2017/10xxx/CVE-2017-10775.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb.\"" + } + ] + }, + "problemtype": { + 
"problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14460.json b/2017/14xxx/CVE-2017-14460.json index 79da59eae58..9094fa9d494 100644 --- a/2017/14xxx/CVE-2017-14460.json +++ b/2017/14xxx/CVE-2017-14460.json 
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "talos-cna@cisco.com",
- "DATE_PUBLIC" : "2018-01-09T00:00:00",
- "ID" : "CVE-2017-14460",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Parity",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Parity 1.7.8"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Talos"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "cross-domain"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "talos-cna@cisco.com",
+ "DATE_PUBLIC": "2018-01-09T00:00:00",
+ "ID": "CVE-2017-14460",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Parity",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Parity 1.7.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Talos"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508",
- "refsource" : "MISC",
- "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "cross-domain"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508",
+ "refsource": "MISC",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14560.json b/2017/14xxx/CVE-2017-14560.json
index dfb6ddc5d70..0402a873999 100644
--- a/2017/14xxx/CVE-2017-14560.json
+++ b/2017/14xxx/CVE-2017-14560.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14560",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to \"Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14560",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14560",
- "refsource" : "MISC",
- "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14560"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to \"Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14560",
+ "refsource": "MISC",
+ "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14560"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17207.json b/2017/17xxx/CVE-2017-17207.json
index f4ed5710de9..0ff8b8e49bf 100644
--- a/2017/17xxx/CVE-2017-17207.json
+++ b/2017/17xxx/CVE-2017-17207.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17207",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-17207",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17557.json b/2017/17xxx/CVE-2017-17557.json
index acce8d0588d..91ef86478de 100644
--- a/2017/17xxx/CVE-2017-17557.json
+++ b/2017/17xxx/CVE-2017-17557.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17557",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17557",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html",
- "refsource" : "MISC",
- "url" : "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- },
- {
- "name" : "103999",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103999"
- },
- {
- "name" : "1040733",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040733"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name": "1040733",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040733"
+ },
+ {
+ "name": "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html",
+ "refsource": "MISC",
+ "url": "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html"
+ },
+ {
+ "name": "103999",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103999"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17697.json b/2017/17xxx/CVE-2017-17697.json
index fcc8ab390c1..274e9aad213 100644
--- a/2017/17xxx/CVE-2017-17697.json
+++ b/2017/17xxx/CVE-2017-17697.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17697",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17697",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/vmware/harbor/issues/3755",
- "refsource" : "MISC",
- "url" : "https://github.com/vmware/harbor/issues/3755"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/vmware/harbor/issues/3755",
+ "refsource": "MISC",
+ "url": "https://github.com/vmware/harbor/issues/3755"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17805.json b/2017/17xxx/CVE-2017-17805.json
index b9862f34d48..5df5e8cf8ca 100644
--- a/2017/17xxx/CVE-2017-17805.json
+++ b/2017/17xxx/CVE-2017-17805.json
@@ -1,172 +1,172 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17805",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17805",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
- },
- {
- "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e"
- },
- {
- "name" : "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e"
- },
- {
- "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
- "refsource" : "CONFIRM",
- "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
- },
- {
- "name" : "DSA-4073",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2017/dsa-4073"
- },
- {
- "name" : "DSA-4082",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4082"
- },
- {
- "name" : "RHSA-2018:2948",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:2948"
- },
- {
- "name" : "RHSA-2018:3083",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3083"
- },
- {
- "name" : "RHSA-2018:3096",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3096"
- },
- {
- "name" : "SUSE-SU-2018:0010",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
- },
- {
- "name" : "SUSE-SU-2018:0011",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
- },
- {
- "name" : "SUSE-SU-2018:0012",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
- },
- {
- "name" : "openSUSE-SU-2018:0022",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
- },
- {
- "name" : "openSUSE-SU-2018:0023",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
- },
- {
- "name" : "USN-3617-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3617-1/"
- },
- {
- "name" : "USN-3617-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3617-2/"
- },
- {
- "name" : "USN-3617-3",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3617-3/"
- },
- {
- "name" : "USN-3619-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3619-1/"
- },
- {
- "name" : "USN-3620-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3620-1/"
- },
- {
- "name" : "USN-3620-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3620-2/"
- },
- {
- "name" : "USN-3619-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3619-2/"
- },
- {
- "name" : "USN-3632-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3632-1/"
- },
- {
- "name" : "102291",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102291"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2018:3083",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3083"
+ },
+ {
+ "name": "USN-3617-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3617-1/"
+ },
+ {
+ "name": "USN-3619-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3619-2/"
+ },
+ {
+ "name": "DSA-4082",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4082"
+ },
+ {
+ "name": "USN-3617-3",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3617-3/"
+ },
+ {
+ "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
+ },
+ {
+ "name": "SUSE-SU-2018:0012",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
+ },
+ {
+ "name": "SUSE-SU-2018:0011",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
+ },
+ {
+ "name": "USN-3632-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3632-1/"
+ },
+ {
+ "name": "USN-3620-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3620-2/"
+ },
+ {
+ "name": "openSUSE-SU-2018:0022",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
+ },
+ {
+ "name": "102291",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102291"
+ },
+ {
+ "name": "RHSA-2018:2948",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:2948"
+ },
+ {
+ "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
+ "refsource": "CONFIRM",
+ "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
+ },
+ {
+ "name": "SUSE-SU-2018:0010",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
+ },
+ {
+ "name": "DSA-4073",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2017/dsa-4073"
+ },
+ {
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e"
+ },
+ {
+ "name": "USN-3617-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3617-2/"
+ },
+ {
+ "name": "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e"
+ },
+ {
+ "name": "USN-3620-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3620-1/"
+ },
+ {
+ "name": "RHSA-2018:3096",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3096"
+ },
+ {
+ "name": "USN-3619-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3619-1/"
+ },
+ {
+ "name": "openSUSE-SU-2018:0023",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9175.json b/2017/9xxx/CVE-2017-9175.json
index 36bdbdfbed1..ad76f22ae5b 100644
--- a/2017/9xxx/CVE-2017-9175.json
+++ b/2017/9xxx/CVE-2017-9175.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9175",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9175",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
- "refsource" : "MISC",
- "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
+ "refsource": "MISC",
+ "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9299.json b/2017/9xxx/CVE-2017-9299.json
index f0a46ae71d8..2c663a2b0d5 100644
--- a/2017/9xxx/CVE-2017-9299.json
+++ b/2017/9xxx/CVE-2017-9299.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9299",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9299",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html",
- "refsource" : "MISC",
- "url" : "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html",
+ "refsource": "MISC",
+ "url": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9566.json b/2017/9xxx/CVE-2017-9566.json
index e43fbfa66ba..361bc5e16d9 100644
--- a/2017/9xxx/CVE-2017-9566.json
+++ b/2017/9xxx/CVE-2017-9566.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9566",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9566",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
- "refsource" : "MISC",
- "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
+ "refsource": "MISC",
+ "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9695.json b/2017/9xxx/CVE-2017-9695.json
index 902da1cda7d..e71ffb534af 100644
--- a/2017/9xxx/CVE-2017-9695.json
+++ b/2017/9xxx/CVE-2017-9695.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9695",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9695",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/0xxx/CVE-2018-0038.json b/2018/0xxx/CVE-2018-0038.json
index 901b12caf4d..7e3bd6d9607 100644
--- a/2018/0xxx/CVE-2018-0038.json
+++ b/2018/0xxx/CVE-2018-0038.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2018-0038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2018-0038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10872", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10872", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10872" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0134.json b/2018/0xxx/CVE-2018-0134.json index 64d8553bebd..e40faabdd22 100644 --- a/2018/0xxx/CVE-2018-0134.json +++ b/2018/0xxx/CVE-2018-0134.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Policy Suite", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Policy Suite" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Policy Suite", + "version": { + "version_data": [ + { + "version_value": "Cisco Policy Suite" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1" - }, - { - "name" : "102954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102954" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0249.json b/2018/0xxx/CVE-2018-0249.json index 0ef3fbd9e90..e01f48cc66d 100644 --- a/2018/0xxx/CVE-2018-0249.json +++ b/2018/0xxx/CVE-2018-0249.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Aironet 1800 Series Access Point", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Aironet 1800 Series Access Point" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Aironet 1800 Series Access Point", + "version": { + "version_data": [ + { + "version_value": "Cisco Aironet 1800 Series Access Point" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos" - }, - { - "name" : "1040816", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. 
This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040816", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040816" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0255.json b/2018/0xxx/CVE-2018-0255.json index 0727b52a6b3..4ec1fe14c16 100644 --- a/2018/0xxx/CVE-2018-0255.json +++ b/2018/0xxx/CVE-2018-0255.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Industrial Ethernet Switches", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Industrial Ethernet Switches" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user. This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series. Cisco Bug IDs: CSCvc96405." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Industrial Ethernet Switches", + "version": { + "version_data": [ + { + "version_value": "Cisco Industrial Ethernet Switches" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess" - }, - { - "name" : "1040715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user. 
This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series. Cisco Bug IDs: CSCvc96405." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040715" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000617.json b/2018/1000xxx/CVE-2018-1000617.json index 63653e7dadd..26051ab416f 100644 --- a/2018/1000xxx/CVE-2018-1000617.json +++ b/2018/1000xxx/CVE-2018-1000617.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-08T15:52:41.195865", - "DATE_REQUESTED" : "2018-07-01T16:24:35", - "ID" : "CVE-2018-1000617", - "REQUESTER" : "f3i@t00ls.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlassian Floodlight Controller", - "version" : { - "version_data" : [ - { - "version_value" : "1.2 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian Floodlight" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-08T15:52:41.195865", + "DATE_REQUESTED": "2018-07-01T16:24:35", + "ID": "CVE-2018-1000617", + "REQUESTER": "f3i@t00ls.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gms.cl0udz.com/Floodlight_DoS.pdf", - "refsource" : "MISC", - "url" : "http://gms.cl0udz.com/Floodlight_DoS.pdf" - }, - { - "name" : "104711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104711" + }, + { + "name": "http://gms.cl0udz.com/Floodlight_DoS.pdf", + "refsource": "MISC", + "url": "http://gms.cl0udz.com/Floodlight_DoS.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000627.json b/2018/1000xxx/CVE-2018-1000627.json index eb867e07b83..86ac83f93e3 100644 
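Review bot: The new side of this CVE-2018-1000617 hunk blanks the structured `affects` data to `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"`, and sets the `problemtype` value to `"n/a"`, although the removed side carried "Atlassian Floodlight Controller", "1.2 and earlier versions", "Atlassian Floodlight" and "Denial of Service". Tooling that matches on these fields can then no longer tie the record to a vendor, product or version, and the detail survives only in the free-text description. Unless the blanking is intended, keep `"product_name": "Atlassian Floodlight Controller"`, `"version_value": "1.2 and earlier versions"` and `"value": "Denial of Service"` on the new side. The hunks for CVE-2018-1000627 (Battelle V2I Hub 2.5.1, "Information Disclosure") and CVE-2018-1000632 (dom4j prior to version 2.1.1, "CWE-91: XML Injection") drop the same fields, and all three also change `ASSIGNER` to `cve@mitre.org` while keeping `REQUESTER` and the dates, which looks like part of the same rewrite and is worth confirming.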
--- a/2018/1000xxx/CVE-2018-1000627.json +++ b/2018/1000xxx/CVE-2018-1000627.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-31T16:52:42.837172", - "DATE_REQUESTED" : "2018-07-27T00:00:00", - "ID" : "CVE-2018-1000627", - "REQUESTER" : "stmoore@us.ibm.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "V2I Hub", - "version" : { - "version_data" : [ - { - "version_value" : "2.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "Battelle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-31T16:52:42.837172", + "DATE_REQUESTED": "2018-07-27T00:00:00", + "ID": "CVE-2018-1000627", + "REQUESTER": "stmoore@us.ibm.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147304", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Battelle V2I Hub 2.5.1 could 
allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147304", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147304" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000632.json b/2018/1000xxx/CVE-2018-1000632.json index 29ec4329c5f..115a0d0bfdc 100644 --- a/2018/1000xxx/CVE-2018-1000632.json +++ b/2018/1000xxx/CVE-2018-1000632.json 
@@ -1,105 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-19T17:09:33.115822", - "DATE_REQUESTED" : "2018-07-30T13:22:12", - "ID" : "CVE-2018-1000632", - "REQUESTER" : "mario.s.s.areias@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "dom4j", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 2.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "dom4j" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-91: XML Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-19T17:09:33.115822", + "DATE_REQUESTED": "2018-07-30T13:22:12", + "ID": "CVE-2018-1000632", + "REQUESTER": "mario.s.s.areias@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html" - }, - { - "name" : "https://ihacktoprotect.com/post/dom4j-xml-injection/", - "refsource" : "MISC", - "url" : "https://ihacktoprotect.com/post/dom4j-xml-injection/" - }, - { - "name" : "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387", - "refsource" : "CONFIRM", - "url" : "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387" - }, - { - "name" : "https://github.com/dom4j/dom4j/issues/48", - "refsource" : "CONFIRM", - "url" : "https://github.com/dom4j/dom4j/issues/48" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "RHSA-2019:0362", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0362" - }, - { - "name" : "RHSA-2019:0364", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0364" - }, - { - "name" : "RHSA-2019:0365", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0365" - }, - { 
- "name" : "RHSA-2019:0380", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "https://github.com/dom4j/dom4j/issues/48", + "refsource": "CONFIRM", + "url": "https://github.com/dom4j/dom4j/issues/48" + }, + { + "name": "[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html" + }, + { + "name": "RHSA-2019:0364", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0364" + }, + { + "name": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387", + "refsource": "CONFIRM", + "url": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387" + }, + { + "name": "https://ihacktoprotect.com/post/dom4j-xml-injection/", + "refsource": "MISC", + "url": "https://ihacktoprotect.com/post/dom4j-xml-injection/" + }, + { + "name": "RHSA-2019:0362", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2019:0362" + }, + { + "name": "RHSA-2019:0365", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0365" + }, + { + "name": "RHSA-2019:0380", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0380" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19331.json b/2018/19xxx/CVE-2018-19331.json index a9624a6262a..068c00aad8d 100644 --- a/2018/19xxx/CVE-2018-19331.json +++ b/2018/19xxx/CVE-2018-19331.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmssql-injection.html", - "refsource" : "MISC", - "url" : "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmssql-injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmssql-injection.html", + "refsource": "MISC", + "url": "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmssql-injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19928.json b/2018/19xxx/CVE-2018-19928.json index 98bc3ebb35f..4f673c3ca77 100644 --- a/2018/19xxx/CVE-2018-19928.json +++ b/2018/19xxx/CVE-2018-19928.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19928", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19928", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19981.json b/2018/19xxx/CVE-2018-19981.json index 63099e2ee76..913f15bdc83 100644 --- a/2018/19xxx/CVE-2018-19981.json +++ b/2018/19xxx/CVE-2018-19981.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19981", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19981", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4009.json b/2018/4xxx/CVE-2018-4009.json index bb3e16a26ea..fa6d4e011ed 100644 --- a/2018/4xxx/CVE-2018-4009.json +++ b/2018/4xxx/CVE-2018-4009.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4009", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4009", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4073.json b/2018/4xxx/CVE-2018-4073.json index 552debe1a68..d862db18e56 100644 --- a/2018/4xxx/CVE-2018-4073.json +++ b/2018/4xxx/CVE-2018-4073.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4073",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4073",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4330.json b/2018/4xxx/CVE-2018-4330.json
index e6b23bd1650..05f5204776f 100644
--- a/2018/4xxx/CVE-2018-4330.json
+++ b/2018/4xxx/CVE-2018-4330.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2018-4330",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2018-4330",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT208848",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208848"
- },
- {
- "name" : "105384",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105384"
- },
- {
- "name" : "1041665",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041665"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1041665",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041665"
+ },
+ {
+ "name": "https://support.apple.com/HT208848",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208848"
+ },
+ {
+ "name": "105384",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105384"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4335.json b/2018/4xxx/CVE-2018-4335.json
index 86369ac0c8a..ba095089f98 100644
--- a/2018/4xxx/CVE-2018-4335.json
+++ b/2018/4xxx/CVE-2018-4335.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4335",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4335",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4519.json b/2018/4xxx/CVE-2018-4519.json
index e571b06ed5c..d2b2440770f 100644
--- a/2018/4xxx/CVE-2018-4519.json
+++ b/2018/4xxx/CVE-2018-4519.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4519",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4519",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9852.json b/2019/9xxx/CVE-2019-9852.json
new file mode 100644
index 00000000000..1e1b5e0d21d
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9852.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-9852",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file