From be038f373627159010d99882cc3aa49aa9902ce4 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:43:51 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2001/0xxx/CVE-2001-0398.json | 130 +++++++-------
 2001/0xxx/CVE-2001-0717.json | 210 +++++++++++------------
 2008/0xxx/CVE-2008-0014.json | 180 ++++++++++----------
 2008/0xxx/CVE-2008-0390.json | 140 +++++++--------
 2008/0xxx/CVE-2008-0724.json | 140 +++++++--------
 2008/0xxx/CVE-2008-0746.json | 150 ++++++++---------
 2008/1xxx/CVE-2008-1269.json | 150 ++++++++---------
 2008/1xxx/CVE-2008-1322.json | 190 ++++++++++-----------
 2008/1xxx/CVE-2008-1535.json | 150 ++++++++---------
 2008/1xxx/CVE-2008-1612.json | 300 ++++++++++++++++-----------------
 2008/1xxx/CVE-2008-1618.json | 180 ++++++++++----------
 2008/5xxx/CVE-2008-5093.json | 160 +++++++++---------
 2008/5xxx/CVE-2008-5483.json | 34 ++--
 2008/5xxx/CVE-2008-5555.json | 140 +++++++--------
 2008/5xxx/CVE-2008-5561.json | 150 ++++++++---------
 2008/5xxx/CVE-2008-5738.json | 160 +++++++++---------
 2013/0xxx/CVE-2013-0140.json | 160 +++++++++---------
 2013/0xxx/CVE-2013-0580.json | 130 +++++++-------
 2013/0xxx/CVE-2013-0683.json | 120 ++++++-------
 2013/0xxx/CVE-2013-0720.json | 130 +++++++-------
 2013/3xxx/CVE-2013-3163.json | 140 +++++++--------
 2013/3xxx/CVE-2013-3537.json | 150 ++++++++---------
 2013/3xxx/CVE-2013-3878.json | 120 ++++++-------
 2013/3xxx/CVE-2013-3914.json | 140 +++++++--------
 2013/4xxx/CVE-2013-4128.json | 190 ++++++++++-----------
 2013/4xxx/CVE-2013-4394.json | 160 +++++++++---------
 2013/4xxx/CVE-2013-4580.json | 130 +++++++-------
 2013/6xxx/CVE-2013-6604.json | 34 ++--
 2013/7xxx/CVE-2013-7217.json | 190 ++++++++++-----------
 2017/10xxx/CVE-2017-10260.json | 132 +++++++--------
 2017/10xxx/CVE-2017-10681.json | 140 +++++++--------
 2017/10xxx/CVE-2017-10982.json | 160 +++++++++---------
 2017/12xxx/CVE-2017-12167.json | 230 ++++++++++++-------------
 2017/12xxx/CVE-2017-12204.json | 34 ++--
 2017/12xxx/CVE-2017-12355.json | 140 +++++++--------
 2017/12xxx/CVE-2017-12890.json | 34 ++--
 2017/13xxx/CVE-2017-13214.json | 142 ++++++++--------
 2017/13xxx/CVE-2017-13231.json | 138 +++++++--------
 2017/13xxx/CVE-2017-13393.json | 34 ++--
 2017/13xxx/CVE-2017-13655.json | 34 ++--
 2017/16xxx/CVE-2017-16424.json | 34 ++--
 2017/17xxx/CVE-2017-17042.json | 120 ++++++-------
 2017/17xxx/CVE-2017-17106.json | 140 +++++++--------
 2017/17xxx/CVE-2017-17190.json | 34 ++--
 2017/17xxx/CVE-2017-17382.json | 160 +++++++++---------
 2017/17xxx/CVE-2017-17637.json | 130 +++++++-------
 2018/18xxx/CVE-2018-18047.json | 34 ++--
 2018/18xxx/CVE-2018-18113.json | 34 ++--
 2018/18xxx/CVE-2018-18371.json | 34 ++--
 2018/18xxx/CVE-2018-18444.json | 120 ++++++-------
 2018/18xxx/CVE-2018-18971.json | 34 ++--
 2018/19xxx/CVE-2018-19326.json | 120 ++++++-------
 2018/19xxx/CVE-2018-19623.json | 170 +++++++++----------
 2018/19xxx/CVE-2018-19761.json | 120 ++++++-------
 2018/19xxx/CVE-2018-19991.json | 120 ++++++-------
 2018/1xxx/CVE-2018-1544.json | 200 +++++++++++-----------
 2018/1xxx/CVE-2018-1742.json | 184 ++++++++++----------
 2018/1xxx/CVE-2018-1755.json | 192 ++++++++++-----------
 2018/5xxx/CVE-2018-5079.json | 120 ++++++-------
 2018/5xxx/CVE-2018-5142.json | 162 +++++++++---------
 2018/5xxx/CVE-2018-5202.json | 126 +++++++-------
 2018/5xxx/CVE-2018-5747.json | 120 ++++++-------
 2018/5xxx/CVE-2018-5922.json | 34 ++--
 63 files changed, 4059 insertions(+), 4059 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0398.json b/2001/0xxx/CVE-2001-0398.json
index 34e80b049c4..d48aab68c36 100644
--- a/2001/0xxx/CVE-2001-0398.json
+++ b/2001/0xxx/CVE-2001-0398.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010402 ~..~!guano", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0013.html" - }, - { - "name" : "2530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! 
to misrepresent the attachment's type with a different icon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2530" + }, + { + "name": "20010402 ~..~!guano", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0013.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0717.json b/2001/0xxx/CVE-2001-0717.json index 5b6bea1b3b4..b3a178f79b2 100644 --- a/2001/0xxx/CVE-2001-0717.json +++ b/2001/0xxx/CVE-2001-0717.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise98.php" - }, - { - "name" : "CA-2001-27", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-27.html" - }, - { - "name" : "M-002", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-002.shtml" - }, - { - "name" : "CSSA-2001-SCO.28", - "refsource" : "CALDERA", - "url" : "ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt" - }, - { - "name" : "SSRT0767U", - "refsource" : "COMPAQ", - "url" : "http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml" - }, - { - "name" : "HPSBUX0110-168", - "refsource" : 
"HP", - "url" : "http://online.securityfocus.com/advisories/3584" - }, - { - "name" : "00212", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212" - }, - { - "name" : "3382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3382" - }, - { - "name" : "1002479", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1002479" - }, - { - "name" : "tooltalk-ttdbserverd-format-string(7069)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3382" + }, + { + "name": "HPSBUX0110-168", + "refsource": "HP", + "url": "http://online.securityfocus.com/advisories/3584" + }, + { + "name": "00212", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212" + }, + { + "name": "20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise98.php" + }, + { + "name": "CA-2001-27", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-27.html" + }, + { + "name": "tooltalk-ttdbserverd-format-string(7069)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7069" + }, + { + "name": "1002479", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1002479" 
+ }, + { + "name": "SSRT0767U", + "refsource": "COMPAQ", + "url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml" + }, + { + "name": "CSSA-2001-SCO.28", + "refsource": "CALDERA", + "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt" + }, + { + "name": "M-002", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-002.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0014.json b/2008/0xxx/CVE-2008-0014.json index e38a4df06e5..4bcf58a448b 100644 --- a/2008/0xxx/CVE-2008-0014.json +++ b/2008/0xxx/CVE-2008-0014.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/310.html" - }, - { - "name" : "http://blogs.iss.net/archive/trend.html", - "refsource" : "MISC", - "url" : "http://blogs.iss.net/archive/trend.html" - }, - { - "name" : "VU#768681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/768681" - }, - { - "name" : "32261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32261" - }, - { - "name" : "ADV-2008-3127", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3127" - }, - { - "name" 
: "32618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32618" - }, - { - "name" : "application-rpc-config3-bo(39920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32618" + }, + { + "name": "32261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32261" + }, + { + "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", + "refsource": "ISS", + "url": "http://www.iss.net/threats/310.html" + }, + { + "name": "application-rpc-config3-bo(39920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39920" + }, + { + "name": "VU#768681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/768681" + }, + { + "name": "http://blogs.iss.net/archive/trend.html", + "refsource": "MISC", + "url": "http://blogs.iss.net/archive/trend.html" + }, + { + "name": "ADV-2008-3127", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3127" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0390.json b/2008/0xxx/CVE-2008-0390.json index 52ef123d455..e8c3f26704f 100644 --- a/2008/0xxx/CVE-2008-0390.json +++ b/2008/0xxx/CVE-2008-0390.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4933", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4933" - }, - { - "name" : "27342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27342" - }, - { - "name" : "auracms-stat-code-execution(39777)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the 
X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27342" + }, + { + "name": "4933", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4933" + }, + { + "name": "auracms-stat-code-execution(39777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39777" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0724.json b/2008/0xxx/CVE-2008-0724.json index 0aab5cd95a5..d04cf9ce31f 100644 --- a/2008/0xxx/CVE-2008-0724.json +++ b/2008/0xxx/CVE-2008-0724.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080201 The Everything Development System - SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487436/100/0/threaded" - }, - { - "name" : "5037", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5037" - }, - { - "name" : "3631", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which 
makes it easier for context-dependent attackers to obtain access to user accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080201 The Everything Development System - SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487436/100/0/threaded" + }, + { + "name": "3631", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3631" + }, + { + "name": "5037", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5037" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0746.json b/2008/0xxx/CVE-2008-0746.json index f7eafaebf64..03586228e1e 100644 --- a/2008/0xxx/CVE-2008-0746.json +++ b/2008/0xxx/CVE-2008-0746.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5084", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5084" - }, - { - "name" : "20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2008-February/001901.html" - }, - { - "name" : "20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2008-February/001902.html" - }, - { - "name" : "27695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2008-February/001901.html" + }, + { + "name": "20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2008-February/001902.html" + }, + { + "name": "27695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27695" + }, + { + "name": "5084", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5084" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1269.json b/2008/1xxx/CVE-2008-1269.json index b1e9037869f..946ea97dbbe 100644 --- a/2008/1xxx/CVE-2008-1269.json +++ b/2008/1xxx/CVE-2008-1269.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://vx.netlux.org/wargamevx/alice_gate2_pluswifi_PoC.zip", - "refsource" : "MISC", - "url" : "http://vx.netlux.org/wargamevx/alice_gate2_pluswifi_PoC.zip" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "alicegate2pluswifi-admin-security-bypass(41110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41110" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "http://vx.netlux.org/wargamevx/alice_gate2_pluswifi_PoC.zip", + "refsource": "MISC", + "url": "http://vx.netlux.org/wargamevx/alice_gate2_pluswifi_PoC.zip" + }, + { + "name": "alicegate2pluswifi-admin-security-bypass(41110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41110" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1322.json b/2008/1xxx/CVE-2008-1322.json index fba06385034..05cc5224657 100644 --- a/2008/1xxx/CVE-2008-1322.json +++ b/2008/1xxx/CVE-2008-1322.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080310 Multiple vulnerabilities in ASG-Sentry 7.0.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489359/100/0/threaded" - }, - { - "name" : "5229", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5229" - }, - { - "name" : "http://aluigi.altervista.org/adv/asgulo-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/asgulo-adv.txt" - }, - { - "name" : "28188", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28188" - }, - { - "name" : "ADV-2008-0839", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/0839/references" - }, - { - "name" : "29289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29289" - }, - { - "name" : "3737", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3737" - }, - { - "name" : "asgsentry-fcheck-dos(41080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "asgsentry-fcheck-dos(41080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41080" + }, + { + "name": "28188", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28188" + }, + { + "name": "ADV-2008-0839", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0839/references" + }, + { + "name": "3737", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3737" + }, + { + "name": "29289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29289" + }, + { + "name": "20080310 Multiple vulnerabilities in ASG-Sentry 7.0.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489359/100/0/threaded" + }, + { + "name": "5229", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5229" + }, + { + "name": "http://aluigi.altervista.org/adv/asgulo-adv.txt", + 
"refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/asgulo-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1535.json b/2008/1xxx/CVE-2008-1535.json index 7d655dfd472..27042dc9858 100644 --- a/2008/1xxx/CVE-2008-1535.json +++ b/2008/1xxx/CVE-2008-1535.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5297", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5297" - }, - { - "name" : "28422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28422" - }, - { - "name" : "29510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29510" - }, - { - "name" : "rekry!joom-index-sql-injection(41385)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or 
rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rekry!joom-index-sql-injection(41385)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41385" + }, + { + "name": "29510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29510" + }, + { + "name": "5297", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5297" + }, + { + "name": "28422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28422" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1612.json b/2008/1xxx/CVE-2008-1612.json index 4a7cddecc5a..6893cb2a326 100644 --- a/2008/1xxx/CVE-2008-1612.json +++ b/2008/1xxx/CVE-2008-1612.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch", - "refsource" : "MISC", - "url" : "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch" - }, - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt" - }, - { - "name" : "[oss-security] 20080401 CVE id request: squid", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/04/01/5" - }, - { - "name" : "[squid-announce[ 20080322 Advisory Squid-2007:2 updated", - "refsource" : "MLIST", - "url" : 
"http://marc.info/?l=squid-announce&m=120614453813157&w=2" - }, - { - "name" : "DSA-1646", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1646" - }, - { - "name" : "FEDORA-2008-2740", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html" - }, - { - "name" : "GLSA-200903-38", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-38.xml" - }, - { - "name" : "MDVSA-2008:134", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134" - }, - { - "name" : "RHSA-2008:0214", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0214.html" - }, - { - "name" : "SUSE-SR:2008:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" - }, - { - "name" : "USN-601-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-601-1" - }, - { - "name" : "28693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28693" - }, - { - "name" : "oval:org.mitre.oval:def:11376", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376" - }, - { - "name" : "29813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29813" - }, - { - "name" : "27477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27477" - }, - { - "name" : "30032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30032" - }, - { - "name" : "32109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32109" - }, - { - "name" : "34467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34467" - }, - { - "name" : "squid-arrayshrink-dos(41586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-601-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-601-1" + }, + { + "name": "FEDORA-2008-2740", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html" + }, + { + "name": "28693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28693" + }, + { + "name": "29813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29813" + }, + { + "name": "SUSE-SR:2008:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" + }, + { + "name": "30032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30032" + }, + { + "name": "DSA-1646", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1646" + }, + { + "name": "GLSA-200903-38", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-38.xml" + }, + { + "name": "27477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27477" + }, + { + "name": "squid-arrayshrink-dos(41586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586" + }, + { + "name": "MDVSA-2008:134", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134" + }, + { + "name": "32109", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/32109" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt" + }, + { + "name": "RHSA-2008:0214", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html" + }, + { + "name": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch", + "refsource": "MISC", + "url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch" + }, + { + "name": "[squid-announce[ 20080322 Advisory Squid-2007:2 updated", + "refsource": "MLIST", + "url": "http://marc.info/?l=squid-announce&m=120614453813157&w=2" + }, + { + "name": "oval:org.mitre.oval:def:11376", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376" + }, + { + "name": "34467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34467" + }, + { + "name": "[oss-security] 20080401 CVE id request: squid", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/04/01/5" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1618.json b/2008/1xxx/CVE-2008-1618.json index e5cdeb6e0cd..cc0d93f9134 100644 --- a/2008/1xxx/CVE-2008-1618.json +++ b/2008/1xxx/CVE-2008-1618.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf", - "refsource" : "MISC", - "url" : "http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf" - }, - { - "name" : "28619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28619" - }, - { - "name" : "ADV-2008-1152", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1152/references" - }, - { - "name" : "44218", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/44218" - }, - { - "name" : "1019796", - "refsource" : "SECTRACK", - "url" 
: "http://www.securitytracker.com/id?1019796" - }, - { - "name" : "29708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29708" - }, - { - "name" : "firebox-pptpvpn-mschapv2-info-disclosure(41683)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf", + "refsource": "MISC", + "url": "http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf" + }, + { + "name": "44218", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/44218" + }, + { + "name": "ADV-2008-1152", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1152/references" + }, + { + "name": "28619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28619" + }, + { + "name": "firebox-pptpvpn-mschapv2-info-disclosure(41683)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41683" + }, + { + "name": "29708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29708" + }, + { + "name": "1019796", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019796" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/5xxx/CVE-2008-5093.json b/2008/5xxx/CVE-2008-5093.json index 8d33b85c5b3..3003458dc8b 100644 --- a/2008/5xxx/CVE-2008-5093.json +++ b/2008/5xxx/CVE-2008-5093.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3426981", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3426981" - }, - { - "name" : "30947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30947" - }, - { - "name" : "1020785", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020785" - }, - { - "name" : "ADV-2008-2462", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2462" - }, - { - "name" : "novell-edirectory-httpstk-xss(46667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30947" + }, + { + "name": "novell-edirectory-httpstk-xss(46667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46667" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3426981", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3426981" + }, + { + "name": "1020785", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020785" + }, + { + "name": "ADV-2008-2462", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2462" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5483.json b/2008/5xxx/CVE-2008-5483.json index b0a060d967e..3b30d13111e 100644 --- a/2008/5xxx/CVE-2008-5483.json +++ b/2008/5xxx/CVE-2008-5483.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5483", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5483", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5555.json b/2008/5xxx/CVE-2008-5555.json index d477fe8d183..87a2b4406b7 100644 --- a/2008/5xxx/CVE-2008-5555.json +++ b/2008/5xxx/CVE-2008-5555.json 
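Review bot: The rewritten REJECT record for CVE-2008-5483 uses a different key order from the PUBLIC records in the same commit. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`; CVE-2008-5093 and CVE-2008-5555 keep `CVE_data_meta` first with `ASSIGNER` before `ID`. JSON key order carries no meaning, but the mismatch suggests two serialisation paths, and it makes future diffs noisy and any hash or signature over the file unstable. Emitting every record with one fixed order would avoid this, e.g. starting with `"CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5483", "STATE": "REJECT" },`. The new side also drops the trailing newline (`\ No newline at end of file`), as do the other files in this chunk; writing a final newline keeps line-based tools quiet.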
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to \"XDomainRequest Allowed Injection (XAI).\" NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to \"address every conceivable XSS attack scenario.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081211 Aspect9: Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499124/100/0/threaded" - }, - { - "name" : "ie-antixss-xss(47277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47277" - }, - { - "name" : "ie-xdomainrequestallowed-xss-filter-bypass(47444)", - "refsource" : "XF", - "url" 
: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to \"XDomainRequest Allowed Injection (XAI).\" NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to \"address every conceivable XSS attack scenario.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-xdomainrequestallowed-xss-filter-bypass(47444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47444" + }, + { + "name": "ie-antixss-xss(47277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47277" + }, + { + "name": "20081211 Aspect9: Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499124/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5561.json b/2008/5xxx/CVE-2008-5561.json index 1df9f701be1..01f9358c19c 100644 --- a/2008/5xxx/CVE-2008-5561.json +++ b/2008/5xxx/CVE-2008-5561.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7396", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7396" - }, - { - "name" : "32725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32725" - }, - { - "name" : "4726", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4726" - }, - { - "name" : "netref-ficheproduct-sql-injection(47191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter 
to (1) fiche_product.php and (2) presentation.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32725" + }, + { + "name": "7396", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7396" + }, + { + "name": "netref-ficheproduct-sql-injection(47191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47191" + }, + { + "name": "4726", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4726" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5738.json b/2008/5xxx/CVE-2008-5738.json index 34c8236199b..60d6ca06440 100644 --- a/2008/5xxx/CVE-2008-5738.json +++ b/2008/5xxx/CVE-2008-5738.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7513", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7513" - }, - { - "name" : "32914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32914" - }, - { - "name" : "50827", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50827" - }, - { - "name" : "33214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33214" - }, - { - "name" : "4816", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nodstrum MySQL Calendar 
1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4816", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4816" + }, + { + "name": "32914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32914" + }, + { + "name": "7513", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7513" + }, + { + "name": "50827", + "refsource": "OSVDB", + "url": "http://osvdb.org/50827" + }, + { + "name": "33214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33214" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0140.json b/2013/0xxx/CVE-2013-0140.json index 1c2637ea69d..7e73f17ffb0 100644 --- a/2013/0xxx/CVE-2013-0140.json +++ b/2013/0xxx/CVE-2013-0140.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-0140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140427 Re: Exploit: McAfee ePolicy 0wner (ePowner ) – Release", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/289" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10042", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10042" - }, - { - "name" : "TA13-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-193A" - }, - { - "name" : "VU#209131", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/209131" - }, - { - "name" : "59500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59500" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#209131", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/209131" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10042", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10042" + }, + { + "name": "TA13-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-193A" + }, + { + "name": "59500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59500" + }, + { + "name": "20140427 Re: Exploit: McAfee ePolicy 0wner (ePowner ) \u00c3\u00a2\u00e2\u0082\u00ac\u00e2\u0080\u009c Release", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/289" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0580.json b/2013/0xxx/CVE-2013-0580.json index 3622191af45..d2818e2abee 100644 --- a/2013/0xxx/CVE-2013-0580.json +++ b/2013/0xxx/CVE-2013-0580.json 
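Review bot: The FULLDISC reference name on the new side of CVE-2013-0140.json is mis-encoded. The en dash in the removed line (`(ePowner ) – Release`) comes back as `\u00c3\u00a2\u00e2\u0082\u00ac\u00e2\u0080\u009c`, which looks like UTF-8 bytes decoded as a single-byte code page and re-encoded, apparently more than once. Anything that matches, de-duplicates or displays reference names from this record will now see a string that differs from the advisory title. The line should read `"name": "20140427 Re: Exploit: McAfee ePolicy 0wner (ePowner ) \u2013 Release",`. Pinning the sync job's read and write path to UTF-8 would prevent the same corruption in other non-ASCII fields.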
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651990", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651990" - }, - { - "name" : "ibm-optim-cve20130580-csrf(83332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the 
authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-optim-cve20130580-csrf(83332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83332" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651990", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651990" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0683.json b/2013/0xxx/CVE-2013-0683.json index a9304ede80b..86872e6e952 100644 --- a/2013/0xxx/CVE-2013-0683.json +++ b/2013/0xxx/CVE-2013-0683.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-0683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service 
(incorrect pointer access and client crash) via malformed data in a formatted text command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0720.json b/2013/0xxx/CVE-2013-0720.json index 480c4a8729c..8d9077a1039 100644 --- a/2013/0xxx/CVE-2013-0720.json +++ b/2013/0xxx/CVE-2013-0720.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-0720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#11249169", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN11249169/index.html" - }, - { - "name" : "JVNDB-2013-000027", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#11249169", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN11249169/index.html" + }, + { + "name": "JVNDB-2013-000027", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000027" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3163.json b/2013/3xxx/CVE-2013-3163.json index d7a5fd364e6..534ee9a93fd 100644 --- a/2013/3xxx/CVE-2013-3163.json +++ b/2013/3xxx/CVE-2013-3163.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3144 and CVE-2013-3151." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-055", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" - }, - { - "name" : "TA13-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" - }, - { - "name" : "oval:org.mitre.oval:def:17363", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 
10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3144 and CVE-2013-3151." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-055", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" + }, + { + "name": "oval:org.mitre.oval:def:17363", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17363" + }, + { + "name": "TA13-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-190A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3537.json b/2013/3xxx/CVE-2013-3537.json index 44cd7b9180c..c4a06da5414 100644 --- a/2013/3xxx/CVE-2013-3537.json +++ b/2013/3xxx/CVE-2013-3537.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "59069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59069" - }, - { - "name" : "92318", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92318" - }, - { - "name" : "todooforum-todooforum-sql-injection(83599)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92318", + "refsource": "OSVDB", + "url": "http://osvdb.org/92318" + }, + { + "name": "59069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59069" + }, + { + "name": "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "todooforum-todooforum-sql-injection(83599)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83599" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3878.json b/2013/3xxx/CVE-2013-3878.json index 7c7bcae1843..776ca4849a9 100644 --- a/2013/3xxx/CVE-2013-3878.json +++ b/2013/3xxx/CVE-2013-3878.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka \"LRPC Client Buffer Overrun Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-102", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka \"LRPC Client Buffer Overrun Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + 
"value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-102", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-102" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3914.json b/2013/3xxx/CVE-2013-3914.json index 7829dec41c1..63f139efbc1 100644 --- a/2013/3xxx/CVE-2013-3914.json +++ b/2013/3xxx/CVE-2013-3914.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-088", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-088" - }, - { - "name" : "TA13-317A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-317A" - }, - { - "name" : "oval:org.mitre.oval:def:18893", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a 
denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-317A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-317A" + }, + { + "name": "MS13-088", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-088" + }, + { + "name": "oval:org.mitre.oval:def:18893", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18893" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4128.json b/2013/4xxx/CVE-2013-4128.json index 724fb423a85..9dbe3f4ddc6 100644 --- a/2013/4xxx/CVE-2013-4128.json +++ b/2013/4xxx/CVE-2013-4128.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=984795", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=984795" - }, - { - "name" : "RHSA-2013:1151", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1151.html" - }, - { - "name" : "RHSA-2013:1152", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1152.html" - }, - { - "name" : "RHSA-2013:1437", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1437.html" - }, - { - "name" : "96217", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96217" - }, - { - "name" : "1028898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028898" - }, - { 
- "name" : "54508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54508" - }, - { - "name" : "eap-cve20134128-session-hijacking(86386)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1152", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1152.html" + }, + { + "name": "96217", + "refsource": "OSVDB", + "url": "http://osvdb.org/96217" + }, + { + "name": "54508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54508" + }, + { + "name": "RHSA-2013:1437", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" + }, + { + "name": "1028898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028898" + }, + { + "name": "RHSA-2013:1151", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1151.html" + }, + { + "name": "eap-cve20134128-session-hijacking(86386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86386" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=984795", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984795" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4394.json b/2013/4xxx/CVE-2013-4394.json index 11f3c109b73..8abfe7d571c 100644 --- a/2013/4xxx/CVE-2013-4394.json +++ b/2013/4xxx/CVE-2013-4394.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving \"special and control characters.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131001 Re: [CVE request] systemd", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/01/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=862324", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=862324" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" - }, - { - "name" : "DSA-2777", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2777" - }, - { - "name" : "GLSA-201612-34", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-34" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving \"special and control characters.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201612-34", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-34" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=862324", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862324" + }, + { + "name": "DSA-2777", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2777" + }, + { + "name": "[oss-security] 20131001 Re: [CVE request] systemd", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/01/9" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4580.json b/2013/4xxx/CVE-2013-4580.json index 0a3263bbe2c..0af9a25b648 100644 --- a/2013/4xxx/CVE-2013-4580.json +++ b/2013/4xxx/CVE-2013-4580.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/15/4" - }, - { - "name" : "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/", - "refsource" : "CONFIRM", - "url" : "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote 
attackers to impersonate arbitrary users and bypass authentication via unspecified API calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/15/4" + }, + { + "name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/", + "refsource": "CONFIRM", + "url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6604.json b/2013/6xxx/CVE-2013-6604.json index 2184821fc97..10ae936b795 100644 --- a/2013/6xxx/CVE-2013-6604.json +++ b/2013/6xxx/CVE-2013-6604.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6604", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6604", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7217.json b/2013/7xxx/CVE-2013-7217.json index 142d8adee89..25210b00682 100644 
--- a/2013/7xxx/CVE-2013-7217.json +++ b/2013/7xxx/CVE-2013-7217.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has \"critical\" impact and unspecified vectors, a different vulnerability than CVE-2013-7091." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.zimbra.com/show_bug.cgi?id=84547", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.zimbra.com/show_bug.cgi?id=84547" - }, - { - "name" : "http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf", - "refsource" : "CONFIRM", - "url" : "http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf" - }, - { - "name" : "http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf", - "refsource" : "CONFIRM", - "url" : "http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf" - }, - { - "name" : "http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html", - "refsource" : 
"CONFIRM", - "url" : "http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html" - }, - { - "name" : "64415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64415" - }, - { - "name" : "101147", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/101147" - }, - { - "name" : "56138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56138" - }, - { - "name" : "zimbracollaborationserver-unspecified(89847)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has \"critical\" impact and unspecified vectors, a different vulnerability than CVE-2013-7091." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.zimbra.com/show_bug.cgi?id=84547", + "refsource": "CONFIRM", + "url": "http://bugzilla.zimbra.com/show_bug.cgi?id=84547" + }, + { + "name": "http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html", + "refsource": "CONFIRM", + "url": "http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html" + }, + { + "name": "56138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56138" + }, + { + "name": "101147", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/101147" + }, + { + "name": "64415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64415" + }, + { + "name": "zimbracollaborationserver-unspecified(89847)", + 
"refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89847" + }, + { + "name": "http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf", + "refsource": "CONFIRM", + "url": "http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf" + }, + { + "name": "http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf", + "refsource": "CONFIRM", + "url": "http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10260.json b/2017/10xxx/CVE-2017-10260.json index c320caa54f9..7d68600f008 100644 --- a/2017/10xxx/CVE-2017-10260.json +++ b/2017/10xxx/CVE-2017-10260.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SSM - (hot-tamale) ILOM: Integrated Lights Out Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "3.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM)." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SSM - (hot-tamale) ILOM: Integrated Lights Out Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM)." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101426" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10681.json b/2017/10xxx/CVE-2017-10681.json index 748dbba802a..d2f570de787 100644 --- a/2017/10xxx/CVE-2017-10681.json +++ b/2017/10xxx/CVE-2017-10681.json 
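Review bot: The `problemtype` value kept in CVE-2017-10260.json is two sentences copied from the description rather than a weakness or impact class, so consumers that group or filter records by problem type get free text they cannot match. Another record in this patch (CVE-2017-13214.json) uses a short class in the same field; the equivalent here would be `"value": "Denial of service"`, with the long sentence left in `description` only. The `product_name` string `SSM - (hot-tamale) ILOM: Integrated Lights Out Manager` also appears to carry an internal label and may be worth confirming with the assigner.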
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Piwigo/Piwigo/commit/03a8329b89c0d196ecdb54227a8113f24555ffc0", - "refsource" : "CONFIRM", - "url" : "https://github.com/Piwigo/Piwigo/commit/03a8329b89c0d196ecdb54227a8113f24555ffc0" - }, - { - "name" : "https://github.com/Piwigo/Piwigo/issues/721", - "refsource" : "CONFIRM", - "url" : "https://github.com/Piwigo/Piwigo/issues/721" - }, - { - "name" : "99362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the 
authentication of users for requests to unlock albums via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99362" + }, + { + "name": "https://github.com/Piwigo/Piwigo/issues/721", + "refsource": "CONFIRM", + "url": "https://github.com/Piwigo/Piwigo/issues/721" + }, + { + "name": "https://github.com/Piwigo/Piwigo/commit/03a8329b89c0d196ecdb54227a8113f24555ffc0", + "refsource": "CONFIRM", + "url": "https://github.com/Piwigo/Piwigo/commit/03a8329b89c0d196ecdb54227a8113f24555ffc0" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10982.json b/2017/10xxx/CVE-2017-10982.json index fe88e8f5440..131fc190608 100644 --- a/2017/10xxx/CVE-2017-10982.json +++ b/2017/10xxx/CVE-2017-10982.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freeradius.org/security/fuzzer-2017.html", - "refsource" : "CONFIRM", - "url" : "http://freeradius.org/security/fuzzer-2017.html" - }, - { - "name" : "DSA-3930", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3930" - }, - { - "name" : "RHSA-2017:1759", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1759" - }, - { - "name" : "99912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99912" - }, - { - "name" : "1038914", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An FR-GV-205 issue in 
FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038914", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038914" + }, + { + "name": "RHSA-2017:1759", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1759" + }, + { + "name": "99912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99912" + }, + { + "name": "DSA-3930", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3930" + }, + { + "name": "http://freeradius.org/security/fuzzer-2017.html", + "refsource": "CONFIRM", + "url": "http://freeradius.org/security/fuzzer-2017.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12167.json b/2017/12xxx/CVE-2017-12167.json index dee160c98b1..577ba22dbe3 100644 --- a/2017/12xxx/CVE-2017-12167.json +++ b/2017/12xxx/CVE-2017-12167.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-12167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EAP-7", - "version" : { - "version_data" : [ - { - "version_value" : "7.0.9" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-732" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-12167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EAP-7", + "version": { + "version_data": [ + { + "version_value": "7.0.9" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167" - }, - { - "name" : "RHSA-2017:3454", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3454" - }, - { - "name" : "RHSA-2017:3455", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3455" - }, - { - "name" : "RHSA-2017:3456", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2017:3456" - }, - { - "name" : "RHSA-2017:3458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3458" - }, - { - "name" : "RHSA-2018:0002", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0002" - }, - { - "name" : "RHSA-2018:0003", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0003" - }, - { - "name" : "RHSA-2018:0004", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0004" - }, - { - "name" : "RHSA-2018:0005", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0005" - }, - { - "name" : "100903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0002", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0002" + }, + { + "name": "RHSA-2017:3458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3458" + }, + { + "name": "RHSA-2018:0004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0004" + }, + { + "name": "100903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100903" + }, + { + "name": "RHSA-2017:3455", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3455" + }, + { + "name": "RHSA-2017:3456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3456" + }, + { + "name": "RHSA-2018:0003", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0003" + }, + { + "name": "RHSA-2018:0005", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0005" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167" + }, + { + "name": "RHSA-2017:3454", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3454" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12204.json b/2017/12xxx/CVE-2017-12204.json index 5d5ca744cea..7d1d99d939e 100644 --- a/2017/12xxx/CVE-2017-12204.json +++ b/2017/12xxx/CVE-2017-12204.json 
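Review bot: The `vectorString` carried over in the `impact.cvss` entry of CVE-2017-12167.json is `5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`, which puts the base score in front of the `CVSS:3.0/` prefix, so it is not a well-formed CVSS v3.0 vector and a strict parser will reject it or derive the wrong severity. The score belongs in its own field, e.g. `"baseScore": 5.5`, with the vector as `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"`. The entry is also wrapped in two arrays (`"cvss": [ [ { … } ] ]`), which looks unintended; confirm against the schema the consumers validate with before flattening it.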
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12204", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12204", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12355.json b/2017/12xxx/CVE-2017-12355.json index 39b300362ec..9fcb9f7fe16 100644 --- a/2017/12xxx/CVE-2017-12355.json +++ b/2017/12xxx/CVE-2017-12355.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XR", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XR" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XR" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr" - }, - { - "name" : "101989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101989" - }, - { - "name" : "1039927", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101989" + }, + { + "name": "1039927", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039927" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12890.json b/2017/12xxx/CVE-2017-12890.json index ef02c57acc9..f560a2a48ee 100644 --- a/2017/12xxx/CVE-2017-12890.json +++ b/2017/12xxx/CVE-2017-12890.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12890", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12890", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
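Review bot: In CVE-2017-12355.json the `affects` block still has `"vendor_name": "n/a"` and `"version_value": "Cisco IOS XR"`, so the vendor is empty even though the assigner is psirt@cisco.com, and the version field repeats the product name instead of naming a release. Vulnerability-management tooling that matches records to inventory on vendor, product and version has nothing usable to match on, so affected devices can be missed. The vendor name should be filled in, and `version_value` should list the affected releases from the referenced Cisco advisory; those values are not on this page, so they have to come from the advisory itself.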
diff --git a/2017/13xxx/CVE-2017-13214.json b/2017/13xxx/CVE-2017-13214.json index 7387861c89e..7d573c185cd 100644 --- a/2017/13xxx/CVE-2017-13214.json +++ b/2017/13xxx/CVE-2017-13214.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "102416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102416" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + }, + { + "name": "102416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102416" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13231.json b/2017/13xxx/CVE-2017-13231.json index ce6608c17e6..a9cc7213f97 100644 --- a/2017/13xxx/CVE-2017-13231.json +++ b/2017/13xxx/CVE-2017-13231.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-13231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-13231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-02-01" - }, - { - "name" : "102976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-02-01" + }, + { + "name": "102976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102976" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13393.json b/2017/13xxx/CVE-2017-13393.json index aa751bdde51..ff2eec9de20 100644 --- a/2017/13xxx/CVE-2017-13393.json +++ b/2017/13xxx/CVE-2017-13393.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13393", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13393", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13655.json b/2017/13xxx/CVE-2017-13655.json index 868b4e19e33..9956b7e07ee 100644 --- a/2017/13xxx/CVE-2017-13655.json +++ b/2017/13xxx/CVE-2017-13655.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13655", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13655", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16424.json b/2017/16xxx/CVE-2017-16424.json index e5a59265e69..a2be335b8d3 100644 --- a/2017/16xxx/CVE-2017-16424.json +++ b/2017/16xxx/CVE-2017-16424.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16424", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16424", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17042.json b/2017/17xxx/CVE-2017-17042.json index eb85cd502aa..5ed08313677 100644 --- a/2017/17xxx/CVE-2017-17042.json +++ b/2017/17xxx/CVE-2017-17042.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4", - "refsource" : "CONFIRM", - "url" : "https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4", + "refsource": "CONFIRM", + "url": "https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17106.json b/2017/17xxx/CVE-2017-17106.json index 545b7ee9f96..4eca612c883 100644 --- a/2017/17xxx/CVE-2017-17106.json +++ b/2017/17xxx/CVE-2017-17106.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20171212 Three exploits for Zivif Web Cameras (may impact others)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Dec/42" - }, - { - "name" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html" - }, - { - "name" : "https://twitter.com/silascutler/status/938052460328968192", - "refsource" : "MISC", - "url" : "https://twitter.com/silascutler/status/938052460328968192" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/silascutler/status/938052460328968192", + "refsource": "MISC", + "url": "https://twitter.com/silascutler/status/938052460328968192" + }, + { + "name": "20171212 Three exploits for Zivif Web Cameras (may impact others)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Dec/42" + }, + { + "name": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17190.json b/2017/17xxx/CVE-2017-17190.json index e8d2fd72d4d..af7238b65c9 100644 --- a/2017/17xxx/CVE-2017-17190.json +++ b/2017/17xxx/CVE-2017-17190.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17190", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17190", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17382.json b/2017/17xxx/CVE-2017-17382.json index 8a6415f846c..b1090e7aded 100644 --- a/2017/17xxx/CVE-2017-17382.json +++ b/2017/17xxx/CVE-2017-17382.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://robotattack.org/", - "refsource" : "MISC", - "url" : "https://robotattack.org/" - }, - { - "name" : "https://support.citrix.com/article/ctx230238", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/ctx230238" - }, - { - "name" : "VU#144389", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/144389" - }, - { - "name" : "102173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102173" - }, - { - "name" : "1039985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039985" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/ctx230238", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/ctx230238" + }, + { + "name": "https://robotattack.org/", + "refsource": "MISC", + "url": "https://robotattack.org/" + }, + { + "name": "102173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102173" + }, + { + "name": "VU#144389", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/144389" + }, + { + "name": "1039985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039985" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17637.json b/2017/17xxx/CVE-2017-17637.json index 65b9f6044d6..1d0acdfc5cb 100644 --- a/2017/17xxx/CVE-2017-17637.json +++ b/2017/17xxx/CVE-2017-17637.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43308", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43308/" - }, - { - "name" : "https://packetstormsecurity.com/files/145349/Car-Rental-Script-2.0.4-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145349/Car-Rental-Script-2.0.4-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145349/Car-Rental-Script-2.0.4-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145349/Car-Rental-Script-2.0.4-SQL-Injection.html" + }, + { + "name": "43308", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43308/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18047.json b/2018/18xxx/CVE-2018-18047.json index e8318fc3b10..71aff0853f3 100644 --- a/2018/18xxx/CVE-2018-18047.json +++ b/2018/18xxx/CVE-2018-18047.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18113.json b/2018/18xxx/CVE-2018-18113.json index 3468aba4655..29dd8f15b65 100644 --- a/2018/18xxx/CVE-2018-18113.json +++ b/2018/18xxx/CVE-2018-18113.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18371.json b/2018/18xxx/CVE-2018-18371.json index ce442686160..2f87296774f 100644 --- a/2018/18xxx/CVE-2018-18371.json +++ b/2018/18xxx/CVE-2018-18371.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18371", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18371", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18444.json b/2018/18xxx/CVE-2018-18444.json index cb600f31e79..e9613d90b8d 100644 --- a/2018/18xxx/CVE-2018-18444.json +++ b/2018/18xxx/CVE-2018-18444.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openexr/openexr/issues/351", - "refsource" : "MISC", - "url" : "https://github.com/openexr/openexr/issues/351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/openexr/openexr/issues/351", + "refsource": "MISC", + "url": "https://github.com/openexr/openexr/issues/351" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18971.json b/2018/18xxx/CVE-2018-18971.json index ee5ea9b1424..f6c600741cc 100644 --- a/2018/18xxx/CVE-2018-18971.json +++ b/2018/18xxx/CVE-2018-18971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18971", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18971", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19326.json b/2018/19xxx/CVE-2018-19326.json index b115ac8b478..5128ced8145 100644 --- a/2018/19xxx/CVE-2018-19326.json +++ b/2018/19xxx/CVE-2018-19326.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/numanturle/4988b5583e5ebe501059bd368636de33", - "refsource" : "MISC", - "url" : "https://gist.github.com/numanturle/4988b5583e5ebe501059bd368636de33" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/numanturle/4988b5583e5ebe501059bd368636de33", + "refsource": "MISC", + "url": "https://gist.github.com/numanturle/4988b5583e5ebe501059bd368636de33" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19623.json b/2018/19xxx/CVE-2018-19623.json index fc5ec273282..f838135e80b 100644 --- a/2018/19xxx/CVE-2018-19623.json +++ b/2018/19xxx/CVE-2018-19623.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f", - "refsource" : "MISC", - "url" : 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-53.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-53.html" - }, - { - "name" : "DSA-4359", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4359" - }, - { - "name" : "106051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-53.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-53.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132" + }, + { + "name": "106051", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/106051" + }, + { + "name": "DSA-4359", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4359" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19761.json b/2018/19xxx/CVE-2018-19761.json index 5bd32ed2bf9..0bdafc32aed 100644 --- a/2018/19xxx/CVE-2018-19761.json +++ b/2018/19xxx/CVE-2018-19761.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649200", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1649200", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649200" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19991.json b/2018/19xxx/CVE-2018-19991.json index 2cc97b9e65a..1cbcdd9d53d 100644 --- a/2018/19xxx/CVE-2018-19991.json +++ b/2018/19xxx/CVE-2018-19991.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/alexazhou/VeryNginx/issues/218", - "refsource" : "MISC", - "url" : "https://github.com/alexazhou/VeryNginx/issues/218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/alexazhou/VeryNginx/issues/218", + "refsource": "MISC", + "url": "https://github.com/alexazhou/VeryNginx/issues/218" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1544.json b/2018/1xxx/CVE-2018-1544.json index 2737fac568a..1fb52c0266e 100644 --- a/2018/1xxx/CVE-2018-1544.json +++ b/2018/1xxx/CVE-2018-1544.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-05-22T00:00:00", - "ID" : "CVE-2018-1544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "9.7" - }, - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "8.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-05-22T00:00:00", + "ID": "CVE-2018-1544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "10.1" + }, + { + "version_value": "9.7" + }, + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016143", - "refsource" : "CONFIRM", - 
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22016143" - }, - { - "name" : "1040967", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040967" - }, - { - "name" : "ibm-db2-cve20181544-bo(142648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "AV": "L", + "C": "H", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "8.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22016143", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" + }, + { + "name": "ibm-db2-cve20181544-bo(142648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142648" + }, + { + "name": "1040967", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040967" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1742.json b/2018/1xxx/CVE-2018-1742.json index 5c45ff878c6..aa07e413eaf 100644 --- a/2018/1xxx/CVE-2018-1742.json +++ b/2018/1xxx/CVE-2018-1742.json 
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-05T00:00:00", - "ID" : "CVE-2018-1742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.6" - }, - { - "version_value" : "2.7" - }, - { - "version_value" : "3.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "C", - "SCORE" : "5.900", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-05T00:00:00", + "ID": "CVE-2018-1742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.6" + }, + { + "version_value": "2.7" + }, + { + "version_value": "3.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733419", - "refsource" : "CONFIRM", - "url" : 
"http://www.ibm.com/support/docview.wss?uid=ibm10733419" - }, - { - "name" : "ibm-tivoli-cve20181742-info-disc(148421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "L", + "C": "H", + "I": "N", + "PR": "N", + "S": "C", + "SCORE": "5.900", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733419", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733419" + }, + { + "name": "ibm-tivoli-cve20181742-info-disc(148421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148421" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1755.json b/2018/1xxx/CVE-2018-1755.json index aa0f81c02ac..70047569f6f 100644 --- a/2018/1xxx/CVE-2018-1755.json +++ b/2018/1xxx/CVE-2018-1755.json 
@@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-22T00:00:00", - "ID" : "CVE-2018-1755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "Liberty" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.900", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-22T00:00:00", + "ID": "CVE-2018-1755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "Liberty" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10728689", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10728689" - }, 
- { - "name" : "105150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105150" - }, - { - "name" : "1041558", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041558" - }, - { - "name" : "ibm-websphere-cve20181755-info-disc(148597)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.900", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20181755-info-disc(148597)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148597" + }, + { + "name": "1041558", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041558" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10728689", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728689" + }, + { + "name": "105150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105150" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/5xxx/CVE-2018-5079.json b/2018/5xxx/CVE-2018-5079.json index 6f194a66fce..712b8c13d97 100644 --- a/2018/5xxx/CVE-2018-5079.json +++ b/2018/5xxx/CVE-2018-5079.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002130", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002130", + "refsource": "MISC", + "url": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002130" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5142.json b/2018/5xxx/CVE-2018-5142.json index 6deb77c2a4c..8c236b80f54 100644 --- a/2018/5xxx/CVE-2018-5142.json +++ b/2018/5xxx/CVE-2018-5142.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "59" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If Media Capture and Streams API permission is requested from documents with \"data:\" or \"blob:\" URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown protocol\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "59" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-06/" - }, - { - "name" : "USN-3596-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3596-1/" - }, - { - "name" : "103386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103386" - }, - { - "name" : "1040514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If Media Capture and Streams API permission is requested from documents with \"data:\" or \"blob:\" URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown protocol\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103386" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357" + }, + { + "name": "1040514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040514" + }, + { + "name": "USN-3596-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3596-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5202.json b/2018/5xxx/CVE-2018-5202.json index 8d78a776ccf..136a77b303a 100644 --- a/2018/5xxx/CVE-2018-5202.json +++ b/2018/5xxx/CVE-2018-5202.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vuln@krcert.or.kr", - "DATE_PUBLIC" : "2018-12-21T06:30:00.000Z", - "ID" : "CVE-2018-5202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SKCertService", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_name" : "SKCertService", - "version_value" : "2.5.5" - } - ] - } - } - ] - }, - "vendor_name" : "SIGNKOREA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", + "DATE_PUBLIC": "2018-12-21T06:30:00.000Z", + "ID": "CVE-2018-5202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SKCertService", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "SKCertService", + "version_value": "2.5.5" + } + ] + } + } + ] + }, + "vendor_name": "SIGNKOREA" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119", - "refsource" : "MISC", - "url" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119", + "refsource": "MISC", + "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5747.json b/2018/5xxx/CVE-2018-5747.json index b31e07953ba..81456f9dc3d 100644 --- a/2018/5xxx/CVE-2018-5747.json +++ b/2018/5xxx/CVE-2018-5747.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ckolivas/lrzip/issues/90", - "refsource" : "MISC", - "url" : "https://github.com/ckolivas/lrzip/issues/90" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ckolivas/lrzip/issues/90", + "refsource": "MISC", + "url": "https://github.com/ckolivas/lrzip/issues/90" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5922.json b/2018/5xxx/CVE-2018-5922.json index 5adfc28eff1..82d06bd7d73 100644 --- a/2018/5xxx/CVE-2018-5922.json +++ b/2018/5xxx/CVE-2018-5922.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5922", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5922", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file