diff --git a/2004/1xxx/CVE-2004-1854.json b/2004/1xxx/CVE-2004-1854.json
index 1481d7b0ac1..b2db87572dc 100644
--- a/2004/1xxx/CVE-2004-1854.json
+++ b/2004/1xxx/CVE-2004-1854.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040324 Buffer overflow in PicoPhone 1.63", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108016032220647&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/picobof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/picobof-adv.txt" - }, - { - "name" : "9969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9969" - }, - { - "name" : "4550", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4550" - }, - { - "name" : "1009551", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009551" - }, - { - "name" : "11209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11209" - }, - { - "name" : "picophone-logging-function-bo(15595)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040324 Buffer overflow in PicoPhone 1.63", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108016032220647&w=2" + }, + { + "name": "picophone-logging-function-bo(15595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15595" + }, + { + "name": "1009551", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009551" + }, + { + "name": "4550", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4550" + }, + { + "name": "9969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9969" + }, + { + "name": "http://aluigi.altervista.org/adv/picobof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/picobof-adv.txt" + }, + { + "name": "11209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11209" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1994.json b/2004/1xxx/CVE-2004-1994.json index 10d6c3a4c78..98ff712f75a 100644 --- a/2004/1xxx/CVE-2004-1994.json +++ b/2004/1xxx/CVE-2004-1994.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040505 Fuse Talk Vunerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108377423825478&w=2" - }, - { - "name" : "10278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10278" - }, - { - "name" : "5894", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5894" - }, - { - "name" : "11555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11555" - }, - { - "name" : "fusetalk-banning-unauth-access(16081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FuseTalk 4.0 allows remote attackers to ban other users via a direct request to 
banning.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040505 Fuse Talk Vunerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108377423825478&w=2" + }, + { + "name": "fusetalk-banning-unauth-access(16081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16081" + }, + { + "name": "11555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11555" + }, + { + "name": "5894", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5894" + }, + { + "name": "10278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10278" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0168.json b/2008/0xxx/CVE-2008-0168.json index d11969c2803..6c4dcd06db0 100644 --- a/2008/0xxx/CVE-2008-0168.json +++ b/2008/0xxx/CVE-2008-0168.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0168", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0168", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0401.json b/2008/0xxx/CVE-2008-0401.json index 3ba404ea7d2..1300171fd57 100644 --- a/2008/0xxx/CVE-2008-0401.json +++ b/2008/0xxx/CVE-2008-0401.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg24018010", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24018010" - }, - { - "name" : "VU#158609", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/158609" - }, - { - "name" : "27387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27387" - }, - { - "name" : 
"ADV-2008-0239", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0239" - }, - { - "name" : "1019249", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019249" - }, - { - "name" : "28604", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28604" - }, - { - "name" : "tivoli-provisioning-http-unspecified(39819)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0239", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0239" + }, + { + "name": "20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647" + }, + { + "name": "tivoli-provisioning-http-unspecified(39819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010" + }, + { + "name": "28604", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28604" + }, + { + "name": "1019249", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1019249" + }, + { + "name": "VU#158609", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/158609" + }, + { + "name": "27387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27387" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0420.json b/2008/0xxx/CVE-2008-0420.json index cc727d627bc..b2ccb7f4621 100644 --- a/2008/0xxx/CVE-2008-0420.json +++ b/2008/0xxx/CVE-2008-0420.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080216 [HISPASEC] FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak, FireFox 2.0.0.11 Remote Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488264/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-07.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=408076", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=408076" - }, - { - "name" : "http://browser.netscape.com/releasenotes/", - "refsource" : "CONFIRM", - "url" : "http://browser.netscape.com/releasenotes/" - }, - { - "name" : "FEDORA-2008-2060", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html" - }, - { - "name" : "FEDORA-2008-2118", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html" - }, - { - "name" : "GLSA-200805-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" - }, - { - "name" : "MDVSA-2008:048", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048" - }, - { - "name" : "238492", - "refsource" : "SUNALERT", - "url" : 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" - }, - { - "name" : "USN-576-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/576-1/" - }, - { - "name" : "USN-582-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-582-1" - }, - { - "name" : "USN-582-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-582-2" - }, - { - "name" : "27826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27826" - }, - { - "name" : "oval:org.mitre.oval:def:10119", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10119" - }, - { - "name" : "ADV-2008-0627", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0627/references" - }, - { - "name" : "ADV-2008-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1793/references" - }, - { - "name" : "1019434", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019434" - }, - { - "name" : "28839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28839" - }, - { - "name" : "29049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29049" - }, - { - "name" : "28758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28758" - }, - { - "name" : "29167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29167" - }, - { - "name" : "29098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29098" - }, - { - "name" : "30327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30327" - }, - { - "name" : "30620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30620" - }, - { - "name" : "firefox-bmp-information-disclosure(40491)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40491" - }, - { - "name" : "firefox-bmp-dos(40606)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-582-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-582-2" + }, + { + "name": "http://browser.netscape.com/releasenotes/", + "refsource": "CONFIRM", + "url": "http://browser.netscape.com/releasenotes/" + }, + { + "name": "20080216 [HISPASEC] FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak, FireFox 2.0.0.11 Remote Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488264/100/0/threaded" + }, + { + "name": "FEDORA-2008-2118", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html" + }, + { + "name": "FEDORA-2008-2060", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html" + }, + { + "name": "30620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30620" + }, + { + "name": "29049", 
+ "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29049" + }, + { + "name": "firefox-bmp-information-disclosure(40491)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40491" + }, + { + "name": "USN-582-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-582-1" + }, + { + "name": "29167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29167" + }, + { + "name": "30327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30327" + }, + { + "name": "238492", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=408076", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=408076" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-07.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-07.html" + }, + { + "name": "ADV-2008-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1793/references" + }, + { + "name": "27826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27826" + }, + { + "name": "firefox-bmp-dos(40606)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40606" + }, + { + "name": "1019434", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019434" + }, + { + "name": "oval:org.mitre.oval:def:10119", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10119" + }, + { + "name": "ADV-2008-0627", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0627/references" + }, + { + "name": "GLSA-200805-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" + }, + { + "name": "28758", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/28758" + }, + { + "name": "MDVSA-2008:048", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048" + }, + { + "name": "29098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29098" + }, + { + "name": "28839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28839" + }, + { + "name": "USN-576-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/576-1/" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3145.json b/2008/3xxx/CVE-2008-3145.json index fe2e94a64b7..3f58e5edb83 100644 --- a/2008/3xxx/CVE-2008-3145.json +++ b/2008/3xxx/CVE-2008-3145.json 
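Review bot: The `ASSIGNER` for CVE-2008-0420 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other file visible in this diff keeps `cve@mitre.org` and only has its key spacing, indentation and reference order rewritten. A change to the recorded assigning authority is a provenance change and is easy to miss inside 187 lines of formatting churn. It would be better carried in its own commit, or named in the commit message if it is not already, so that consumers diffing the feed can tell it was intended. The new side also ends with `\ No newline at end of file`, here and in the other hunks, so the rewritten files lose their trailing newline.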
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080729 rPSA-2008-0237-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494859/100/0/threaded" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2008-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2008-04.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470", - "refsource" : "CONFIRM", - "url" : 
"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=454984", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=454984" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2684", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2684" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" - }, - { - "name" : "DSA-1673", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1673" - }, - { - "name" : "FEDORA-2008-6440", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" - }, - { - "name" : "GLSA-200808-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-04.xml" - }, - { - "name" : "MDVSA-2008:152", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:152" - }, - { - "name" : "RHSA-2008:0890", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "30181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30181" - }, - { - "name" : "oval:org.mitre.oval:def:9020", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9020" - }, - { - "name" : "ADV-2008-2057", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2057/references" - }, - { - "name" : "ADV-2008-2773", 
- "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2773" - }, - { - "name" : "1020471", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020471" - }, - { - "name" : "31044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31044" - }, - { - "name" : "31085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31085" - }, - { - "name" : "31257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31257" - }, - { - "name" : "31378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31378" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "32091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32091" - }, - { - "name" : "32944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32944" - }, - { - "name" : "wireshark-packets-dos(43719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2008-04.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2008-04.html" + }, + { + "name": "30181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30181" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470" + }, + { + "name": "20080729 rPSA-2008-0237-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494859/100/0/threaded" + }, + { + "name": "FEDORA-2008-6440", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" + }, + { + "name": "RHSA-2008:0890", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html" + }, + { + "name": "oval:org.mitre.oval:def:9020", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9020" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2684", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2684" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237" + }, + { + "name": "ADV-2008-2057", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2057/references" + }, + { + "name": "GLSA-200808-04", + "refsource": "GENTOO", + "url": 
"http://security.gentoo.org/glsa/glsa-200808-04.xml" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343" + }, + { + "name": "wireshark-packets-dos(43719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43719" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" + }, + { + "name": "MDVSA-2008:152", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:152" + }, + { + "name": "32091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32091" + }, + { + "name": "31044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31044" + }, + { + "name": "ADV-2008-2773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2773" + }, + { + "name": "32944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32944" + }, + { + "name": "31257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31257" + }, + { + "name": "31378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31378" + }, + { + "name": "DSA-1673", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1673" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=454984", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454984" + }, + { + "name": "31085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31085" + }, + { + "name": "1020471", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020471" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3491.json b/2008/3xxx/CVE-2008-3491.json index c4d6bacedd4..790f984823d 100644 
--- a/2008/3xxx/CVE-2008-3491.json
+++ b/2008/3xxx/CVE-2008-3491.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6185", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6185" - }, - { - "name" : "6186", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6186" - }, - { - "name" : "30504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30504" - }, - { - "name" : "30505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30505" - }, - { - "name" : "47333", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/47333" - }, - { - "name" : "31344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31344" - }, - { - "name" : "31345", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31345" - }, - { - "name" : "4117", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/4117" - }, - { - "name" : "ipost-go-sql-injection(44176)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44176" - }, - { - "name" : "itgp-go-sql-injection(44175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47333", + "refsource": "OSVDB", + "url": "http://osvdb.org/47333" + }, + { + "name": "6185", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6185" + }, + { + "name": "6186", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6186" + }, + { + "name": "31344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31344" + }, + { + "name": "4117", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4117" + }, + { + "name": "30505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30505" + }, + { + "name": "itgp-go-sql-injection(44175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44175" + }, + { + "name": "ipost-go-sql-injection(44176)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44176" + }, + { + "name": "31345", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31345" + }, + { + "name": "30504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30504" + } + ] + } +} \ 
No newline at end of file
diff --git a/2008/3xxx/CVE-2008-3636.json b/2008/3xxx/CVE-2008-3636.json
index 6ce7bfc834d..4703d07aabe 100644
--- a/2008/3xxx/CVE-2008-3636.json
+++ b/2008/3xxx/CVE-2008-3636.json
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\\\.\\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081007 [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497131/100/0/threaded" - }, - { - "name" : "http://www.wintercore.com/advisories/advisory_W021008.html", - "refsource" : "MISC", - "url" : "http://www.wintercore.com/advisories/advisory_W021008.html" - }, - { - "name" : "http://support.apple.com/kb/HT3025", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3025" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2008.10.07a.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2008.10.07a.html" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html" - }, - { - "name" : "http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf" - }, - { - "name" : "APPLE-SA-2009-09-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html" - }, - { - "name" : "VU#146896", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/146896" - }, - { - "name" : 
"31089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31089" - }, - { - "name" : "oval:org.mitre.oval:def:6035", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6035" - }, - { - "name" : "1020997", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020997" - }, - { - "name" : "1020998", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020998" - }, - { - "name" : "1020999", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020999" - }, - { - "name" : "ADV-2008-2769", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2769" - }, - { - "name" : "ADV-2008-2526", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2526" - }, - { - "name" : "1020839", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020839" - }, - { - "name" : "ADV-2008-2770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\\\.\\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020999", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020999" + }, + { + "name": "APPLE-SA-2009-09-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2008.10.07a.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2008.10.07a.html" + }, + { + "name": "ADV-2008-2770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2770" + }, + { + "name": "ADV-2008-2526", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2526" + }, + { + "name": "1020998", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020998" + }, + { + "name": "1020839", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020839" + }, + { + "name": "http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf", + "refsource": "CONFIRM", + "url": "http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf" + }, + { + "name": "http://support.apple.com/kb/HT3025", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3025" + }, + { + "name": "1020997", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020997" + }, + { + "name": "ADV-2008-2769", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2769" + }, + { + "name": "VU#146896", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/146896" + }, + { + "name": "http://www.wintercore.com/advisories/advisory_W021008.html", + "refsource": "MISC", + "url": "http://www.wintercore.com/advisories/advisory_W021008.html" + }, + { + "name": "oval:org.mitre.oval:def:6035", + "refsource": 
"OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6035" + }, + { + "name": "31089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31089" + }, + { + "name": "20081007 [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497131/100/0/threaded" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3705.json b/2008/3xxx/CVE-2008-3705.json index 33453213743..93302e6614b 100644 --- a/2008/3xxx/CVE-2008-3705.json +++ b/2008/3xxx/CVE-2008-3705.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the CLogger::WriteFormated function in echoware/Logger.cpp in EchoVNC Linux before 1.1.2 allows remote echoServers to execute arbitrary code via a large (1) group or (2) user list, aka a \"very crowded echoServer\" attack. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=620019&group_id=133100", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=620019&group_id=133100" - }, - { - "name" : "30722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30722" - }, - { - "name" : "31526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31526" - }, - { - "name" : "echovnc-clogger-bo(44501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44501" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the CLogger::WriteFormated function in echoware/Logger.cpp in EchoVNC Linux before 1.1.2 allows remote echoServers to execute arbitrary code via a large (1) group or (2) user list, aka a \"very crowded echoServer\" attack. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30722" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=620019&group_id=133100", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=620019&group_id=133100" + }, + { + "name": "echovnc-clogger-bo(44501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44501" + }, + { + "name": "31526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31526" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3707.json b/2008/3xxx/CVE-2008-3707.json index bed6ecba07b..3bb5edd65e1 100644 --- a/2008/3xxx/CVE-2008-3707.json +++ b/2008/3xxx/CVE-2008-3707.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (17) delete_ban.php, (18) delete_board.php, (19) delete_messages.php, (20) delete_vip.php, (21) edit_ban.php, (22) edit_board.php, (23) edit_vip.php, (24) index.php, (25) lock_messages.php, (26) login.php, (27) modify_ban_list.php, (28) modify_vip_list.php, (29) move_messages.php, (30) process_add_board.php, (31) process_ban.php, (32) process_delete_ban.php, (33) process_delete_board.php, (34) process_delete_messages.php, (35) process_delete_vip.php, (36) process_edit_board.php, (37) process_lock_messages.php, (38) process_login.php, (39) process_move_messages.php, (40) process_sticky_messages.php, (41) process_vip.php, and (42) sticky_messages.php in path/adminopts. NOTE: the include/common.php vector is covered by CVE-2006-2871. NOTE: some of these vectors might not be vulnerabilities under proper installation." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt" - }, - { - "name" : "20080819 CyBoards PHP uncertainties (RFI/path traversal)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2008-August/002052.html" - }, - { - "name" : "30688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30688" - }, - { - "name" : "cyboardsphplite-scriptpath-file-include(44474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (17) delete_ban.php, (18) delete_board.php, (19) delete_messages.php, (20) delete_vip.php, (21) edit_ban.php, (22) edit_board.php, (23) edit_vip.php, (24) index.php, (25) 
lock_messages.php, (26) login.php, (27) modify_ban_list.php, (28) modify_vip_list.php, (29) move_messages.php, (30) process_add_board.php, (31) process_ban.php, (32) process_delete_ban.php, (33) process_delete_board.php, (34) process_delete_messages.php, (35) process_delete_vip.php, (36) process_edit_board.php, (37) process_lock_messages.php, (38) process_login.php, (39) process_move_messages.php, (40) process_sticky_messages.php, (41) process_vip.php, and (42) sticky_messages.php in path/adminopts. NOTE: the include/common.php vector is covered by CVE-2006-2871. NOTE: some of these vectors might not be vulnerabilities under proper installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cyboardsphplite-scriptpath-file-include(44474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44474" + }, + { + "name": "30688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30688" + }, + { + "name": "http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt" + }, + { + "name": "20080819 CyBoards PHP uncertainties (RFI/path traversal)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2008-August/002052.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3961.json b/2008/3xxx/CVE-2008-3961.json index 3924fa26bfa..bdb8baadc94 100644 --- a/2008/3xxx/CVE-2008-3961.json +++ b/2008/3xxx/CVE-2008-3961.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/advisories/apsa08-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa08-07.html" - }, - { - "name" : "31208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31208" - }, - { - "name" : "ADV-2008-2600", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2600" - }, - { - "name" : "1020892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020892" - }, - { - "name" : "31902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31902" - }, - { - "name" : "adobe-illustrator-ai-code-execution(45180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45180" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/advisories/apsa08-07.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa08-07.html" + }, + { + "name": "1020892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020892" + }, + { + "name": "adobe-illustrator-ai-code-execution(45180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45180" + }, + { + "name": "31902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31902" + }, + { + "name": "ADV-2008-2600", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2600" + }, + { + "name": "31208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31208" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4421.json b/2008/4xxx/CVE-2008-4421.json index f8ec7066fa4..800683aecc8 100644 --- a/2008/4xxx/CVE-2008-4421.json +++ b/2008/4xxx/CVE-2008-4421.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a \"..\\\" (dot dot backslash) in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081003 MetaGauge 1.0.0.17 Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497039/100/0/threaded" - }, - { - "name" : "6686", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6686" - }, - { - "name" : "31596", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31596" - }, - { - "name" : "ADV-2008-2747", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2747" - }, - { - "name" : "32094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32094" - }, - { - "name" : "4360", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4360" - }, - { - "name" : 
"metagauge-http-directory-traversal(45697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a \"..\\\" (dot dot backslash) in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "metagauge-http-directory-traversal(45697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45697" + }, + { + "name": "20081003 MetaGauge 1.0.0.17 Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497039/100/0/threaded" + }, + { + "name": "ADV-2008-2747", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2747" + }, + { + "name": "32094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32094" + }, + { + "name": "4360", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4360" + }, + { + "name": "6686", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6686" + }, + { + "name": "31596", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31596" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4430.json b/2008/4xxx/CVE-2008-4430.json index 84fc1c25357..402fa4d8c0a 100644 --- a/2008/4xxx/CVE-2008-4430.json +++ b/2008/4xxx/CVE-2008-4430.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-4430",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3699. Reason: This candidate is a duplicate of CVE-2008-3699. Notes: All CVE users should reference CVE-2008-3699 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2008-4430",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3699. Reason: This candidate is a duplicate of CVE-2008-3699. Notes: All CVE users should reference CVE-2008-3699 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/4xxx/CVE-2008-4642.json b/2008/4xxx/CVE-2008-4642.json
index 398e1fbc453..9b20225a526 100644
--- a/2008/4xxx/CVE-2008-4642.json
+++ b/2008/4xxx/CVE-2008-4642.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6758", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6758" - }, - { - "name" : "31771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31771" - }, - { - "name" : "32290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32290" - }, - { - "name" : "4449", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4449" - }, - { - "name" : "astrospaces-profile-sql-injection(45915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability 
in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4449", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4449" + }, + { + "name": "astrospaces-profile-sql-injection(45915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45915" + }, + { + "name": "6758", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6758" + }, + { + "name": "32290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32290" + }, + { + "name": "31771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31771" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4675.json b/2008/4xxx/CVE-2008-4675.json index e90a2905119..36601ad4de9 100644 --- a/2008/4xxx/CVE-2008-4675.json +++ b/2008/4xxx/CVE-2008-4675.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6611", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6611" - }, - { - "name" : "31451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31451" - }, - { - "name" : "4465", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4465" - }, - { - "name" : "phpcounter-index-sql-injection(45493)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the 
name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4465", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4465" + }, + { + "name": "6611", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6611" + }, + { + "name": "phpcounter-index-sql-injection(45493)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45493" + }, + { + "name": "31451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31451" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4752.json b/2008/4xxx/CVE-2008-4752.json index 6e76debec28..e4daa4d12f7 100644 --- a/2008/4xxx/CVE-2008-4752.json +++ b/2008/4xxx/CVE-2008-4752.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6836", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6836" - }, - { - "name" : "31919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31919" - }, - { - "name" : "32405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32405" - }, - { - "name" : "4511", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4511" - }, - { - "name" : "tlnews-tlnewslogin-authentication-bypass(46116)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TlNews 2.2 allows remote attackers to bypass 
authentication and gain administrative access by setting the tlNews_login cookie to admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4511", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4511" + }, + { + "name": "31919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31919" + }, + { + "name": "tlnews-tlnewslogin-authentication-bypass(46116)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46116" + }, + { + "name": "32405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32405" + }, + { + "name": "6836", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6836" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4783.json b/2008/4xxx/CVE-2008-4783.json index c2682432f27..571dc08ef74 100644 --- a/2008/4xxx/CVE-2008-4783.json +++ b/2008/4xxx/CVE-2008-4783.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to \"admin.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6848", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6848" - }, - { - "name" : "31939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31939" - }, - { - "name" : "32427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32427" - }, - { - "name" : "4529", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to \"admin.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + 
"description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6848", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6848" + }, + { + "name": "4529", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4529" + }, + { + "name": "31939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31939" + }, + { + "name": "32427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32427" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6703.json b/2008/6xxx/CVE-2008-6703.json index d4c0aa074f9..87775c31f23 100644 --- a/2008/6xxx/CVE-2008-6703.json +++ b/2008/6xxx/CVE-2008-6703.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080628 Multiple vulnerabilities in S.T.A.L.K.E.R. 
1.0006", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493765" - }, - { - "name" : "http://aluigi.altervista.org/adv/stalker39x-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/stalker39x-adv.txt" - }, - { - "name" : "29997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29997" - }, - { - "name" : "46626", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46626" - }, - { - "name" : "30891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30891" - }, - { - "name" : "stalker-multipacketreceiver-bo(43454)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/stalker39x-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/stalker39x-adv.txt" + }, + { + "name": "20080628 Multiple vulnerabilities in S.T.A.L.K.E.R. 
1.0006", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493765" + }, + { + "name": "stalker-multipacketreceiver-bo(43454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43454" + }, + { + "name": "29997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29997" + }, + { + "name": "46626", + "refsource": "OSVDB", + "url": "http://osvdb.org/46626" + }, + { + "name": "30891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30891" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7260.json b/2008/7xxx/CVE-2008-7260.json index 70f8c8b1639..153e1b06ab8 100644 --- a/2008/7xxx/CVE-2008-7260.json +++ b/2008/7xxx/CVE-2008-7260.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7260", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7260", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2055.json b/2013/2xxx/CVE-2013-2055.json index bf09fe20453..6d0ff171b25 100644 --- a/2013/2xxx/CVE-2013-2055.json +++ b/2013/2xxx/CVE-2013-2055.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140206 [CVE-2013-2055] Apache Wicket information disclosure vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Feb/38" - }, - { - "name" : "https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html", - "refsource" : "CONFIRM", - "url" : "https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html" - }, - { - "name" : "https://wicket.apache.org/2014/02/06/cve-2013-2055.html", - "refsource" : "CONFIRM", - "url" : "https://wicket.apache.org/2014/02/06/cve-2013-2055.html" - }, - { - "name" : "65431", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/65431" - }, - { - "name" : "102955", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140206 [CVE-2013-2055] Apache Wicket information disclosure vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Feb/38" + }, + { + "name": "https://wicket.apache.org/2014/02/06/cve-2013-2055.html", + "refsource": "CONFIRM", + "url": "https://wicket.apache.org/2014/02/06/cve-2013-2055.html" + }, + { + "name": "102955", + "refsource": "OSVDB", + "url": "http://osvdb.org/102955" + }, + { + "name": "https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html", + "refsource": "CONFIRM", + "url": "https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html" + }, + { + "name": "65431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65431" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2345.json b/2013/2xxx/CVE-2013-2345.json index 27e0ecb79e7..ce1cc3f907a 100644 --- a/2013/2xxx/CVE-2013-2345.json +++ b/2013/2xxx/CVE-2013-2345.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02895", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - }, - { - "name" : "SSRT101218", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - }, - { - "name" : "SSRT101253", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote 
attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101218", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + }, + { + "name": "HPSBMU02895", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + }, + { + "name": "SSRT101253", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2363.json b/2013/2xxx/CVE-2013-2363.json index 8298bba9146..5dc814d4f46 100644 --- a/2013/2xxx/CVE-2013-2363.json +++ b/2013/2xxx/CVE-2013-2363.json 
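Review bot: `ASSIGNER` in CVE-2013-2345.json changes from `cve@mitre.org` to `hp-security-alert@hp.com` inside a hunk that also rewrites every line for colon spacing and reorders `reference_data`. That makes the one field that presumably records who assigned the CVE easy to miss in review. I would land `"ASSIGNER": "hp-security-alert@hp.com"` separately from the reformat, so the attribution edit shows up as a single-line diff that can be checked against the assigning organisation. The same mix appears in the hunks for CVE-2013-2055 (`secalert@redhat.com`), CVE-2013-2363 (`hp-security-alert@hp.com`), CVE-2013-2906 (`security@google.com`) and CVE-2013-6003 (`vultures@jpcert.or.jp`).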
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02900", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "SSRT101150", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101150", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + }, + { + "name": "HPSBMU02900", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2906.json b/2013/2xxx/CVE-2013-2906.json index b9d2980e798..43818e60b26 100644 --- a/2013/2xxx/CVE-2013-2906.json +++ b/2013/2xxx/CVE-2013-2906.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=223962", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=223962" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=270758", - "refsource" : "CONFIRM", - "url" : 
"https://code.google.com/p/chromium/issues/detail?id=270758" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=271161", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=271161" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=284785", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=284785" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=284786", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=284786" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=157243&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=157243&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=157245&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=157245&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=157256&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=157256&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=157259&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=157259&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=157273&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=157273&view=revision" - }, - { - "name" : "DSA-2785", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2785" - }, - { - "name" : "openSUSE-SU-2013:1556", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2013:1861", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:19013", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=284785", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=284785" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=157259&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=157259&view=revision" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "DSA-2785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2785" + }, + 
{ + "name": "openSUSE-SU-2013:1556", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:19013", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19013" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=271161", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=271161" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=157256&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=157256&view=revision" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=157245&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=157245&view=revision" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=270758", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=270758" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=284786", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=284786" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=223962", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=223962" + }, + { + "name": "openSUSE-SU-2013:1861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=157243&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=157243&view=revision" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=157273&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=157273&view=revision" + } + ] + } +} \ No newline at 
end of file diff --git a/2013/6xxx/CVE-2013-6003.json b/2013/6xxx/CVE-2013-6003.json index 8cfa8c716e3..7ce46d2a3f2 100644 --- a/2013/6xxx/CVE-2013-6003.json +++ b/2013/6xxx/CVE-2013-6003.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-6003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20131202up01.php", - "refsource" : "MISC", - "url" : "http://cs.cybozu.co.jp/information/20131202up01.php" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/6121", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/6121" - }, - { - "name" : "JVN#84221103", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN84221103/index.html" - }, - { - "name" : "JVNDB-2013-000116", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF 
injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/20131202up01.php", + "refsource": "MISC", + "url": "http://cs.cybozu.co.jp/information/20131202up01.php" + }, + { + "name": "JVNDB-2013-000116", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/6121", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/6121" + }, + { + "name": "JVN#84221103", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN84221103/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6060.json b/2013/6xxx/CVE-2013-6060.json index 383e62fc71f..a26c11c4326 100644 --- a/2013/6xxx/CVE-2013-6060.json +++ b/2013/6xxx/CVE-2013-6060.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6060", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6060", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6366.json b/2013/6xxx/CVE-2013-6366.json index a4ff5511a82..fd438fc6ca1 100644 --- a/2013/6xxx/CVE-2013-6366.json +++ b/2013/6xxx/CVE-2013-6366.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28962", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28962/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28962", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28962/" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/6xxx/CVE-2013-6524.json b/2013/6xxx/CVE-2013-6524.json index a0e4f1c40f0..edc6386997b 100644 --- a/2013/6xxx/CVE-2013-6524.json +++ b/2013/6xxx/CVE-2013-6524.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6524", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6524", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6814.json b/2013/6xxx/CVE-2013-6814.json index b8e012aaf1e..17333a8ae00 100644 --- a/2013/6xxx/CVE-2013-6814.json +++ b/2013/6xxx/CVE-2013-6814.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1854826", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1854826" - }, - { - "name" : "55778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://service.sap.com/sap/support/notes/1854826", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1854826" + }, + { + "name": "55778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55778" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7440.json b/2013/7xxx/CVE-2013-7440.json index b1452ad2184..e888eec8e89 100644 --- a/2013/7xxx/CVE-2013-7440.json +++ b/2013/7xxx/CVE-2013-7440.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-7440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150518 CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q2/483" - }, - { - "name" : "[oss-security] 20150521 Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q2/523" - }, - { - "name" : "https://bugs.python.org/issue17997", - "refsource" : "CONFIRM", - "url" : "https://bugs.python.org/issue17997" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1224999", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1224999" - }, - { - "name" : "https://hg.python.org/cpython/rev/10d0edadbcdd", - "refsource" : "CONFIRM", - "url" : "https://hg.python.org/cpython/rev/10d0edadbcdd" - }, - { - "name" : "RHSA-2016:1166", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1166" - }, - { - "name" : "74707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150518 CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q2/483" + }, + { + "name": "RHSA-2016:1166", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1166" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999" + }, + { + "name": "https://hg.python.org/cpython/rev/10d0edadbcdd", + "refsource": "CONFIRM", + "url": "https://hg.python.org/cpython/rev/10d0edadbcdd" + }, + { + "name": "https://bugs.python.org/issue17997", + "refsource": "CONFIRM", + "url": "https://bugs.python.org/issue17997" + }, + { + "name": "74707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74707" + }, + { + "name": "[oss-security] 20150521 Re: CVE request: ssl.match_hostname(): sub string wildcard should not 
match IDNA prefix", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q2/523" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10207.json b/2017/10xxx/CVE-2017-10207.json index ab7ae59574a..00eb4bea25a 100644 --- a/2017/10xxx/CVE-2017-10207.json +++ b/2017/10xxx/CVE-2017-10207.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Simphony", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.9" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Utilities). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Simphony", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.9" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99718" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Utilities). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99718" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10709.json b/2017/10xxx/CVE-2017-10709.json index e9db6e79bdd..de7aabcf328 100644 --- a/2017/10xxx/CVE-2017-10709.json +++ b/2017/10xxx/CVE-2017-10709.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.reddit.com/r/netsec/comments/6kajkc/elephone_p9000_lock_screen_lockout_bypass_with/", - "refsource" : "MISC", - "url" : "https://www.reddit.com/r/netsec/comments/6kajkc/elephone_p9000_lock_screen_lockout_bypass_with/" - }, - { - "name" : "https://www.security.nl/posting/522081/Schermvergrendeling+Elephone+P9000+door+lek+te+omzeilen", - "refsource" : "MISC", - "url" : "https://www.security.nl/posting/522081/Schermvergrendeling+Elephone+P9000+door+lek+te+omzeilen" - }, - { - "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-011/?fid=9707", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-011/?fid=9707" - }, - { - "name" : 
"https://www.trustwave.com/Resources/SpiderLabs-Blog/Elephone-P9000-Lock-Screen-Lockout-Bypass/?page=1&year=0&month=0", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Elephone-P9000-Lock-Screen-Lockout-Bypass/?page=1&year=0&month=0" - }, - { - "name" : "https://www.youtube.com/watch?v=dwyzonP2eZw", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=dwyzonP2eZw" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.reddit.com/r/netsec/comments/6kajkc/elephone_p9000_lock_screen_lockout_bypass_with/", + "refsource": "MISC", + "url": "https://www.reddit.com/r/netsec/comments/6kajkc/elephone_p9000_lock_screen_lockout_bypass_with/" + }, + { + "name": "https://www.security.nl/posting/522081/Schermvergrendeling+Elephone+P9000+door+lek+te+omzeilen", + "refsource": "MISC", + "url": "https://www.security.nl/posting/522081/Schermvergrendeling+Elephone+P9000+door+lek+te+omzeilen" + }, + { + "name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Elephone-P9000-Lock-Screen-Lockout-Bypass/?page=1&year=0&month=0", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Elephone-P9000-Lock-Screen-Lockout-Bypass/?page=1&year=0&month=0" + }, + { + "name": "https://www.youtube.com/watch?v=dwyzonP2eZw", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=dwyzonP2eZw" + }, + { + "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-011/?fid=9707", + 
"refsource": "MISC", + "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-011/?fid=9707" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14055.json b/2017/14xxx/CVE-2017-14055.json index d6d28ff5d8c..c920f94f106 100644 --- a/2017/14xxx/CVE-2017-14055.json +++ b/2017/14xxx/CVE-2017-14055.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large \"nb_frames\" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e" - }, - { - "name" : "DSA-3996", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2017/dsa-3996" - }, - { - "name" : "100626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large \"nb_frames\" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100626" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e" + }, + { + "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" + }, + { + "name": "DSA-3996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3996" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14092.json b/2017/14xxx/CVE-2017-14092.json index eb80e9f6b0a..795f46b1940 100644 --- a/2017/14xxx/CVE-2017-14092.json +++ b/2017/14xxx/CVE-2017-14092.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2017-14092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2017-14092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1118486", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1118486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an 
attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1118486", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1118486" + }, + { + "name": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14158.json b/2017/14xxx/CVE-2017-14158.json index 4bdfb31d5a8..8ad19b724ca 100644 --- a/2017/14xxx/CVE-2017-14158.json +++ b/2017/14xxx/CVE-2017-14158.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.csdn.net/wangtua/article/details/75228728", - "refsource" : "MISC", - "url" : "http://blog.csdn.net/wangtua/article/details/75228728" - }, - { - "name" : "https://github.com/scrapy/scrapy/issues/482", - "refsource" : "MISC", - "url" : "https://github.com/scrapy/scrapy/issues/482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Scrapy 1.4 allows remote attackers to cause a denial of service (memory 
consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/scrapy/scrapy/issues/482", + "refsource": "MISC", + "url": "https://github.com/scrapy/scrapy/issues/482" + }, + { + "name": "http://blog.csdn.net/wangtua/article/details/75228728", + "refsource": "MISC", + "url": "http://blog.csdn.net/wangtua/article/details/75228728" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14387.json b/2017/14xxx/CVE-2017-14387.json index 22f0a1b5ee0..1f32b3d9004 100644 --- a/2017/14xxx/CVE-2017-14387.json +++ b/2017/14xxx/CVE-2017-14387.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-14387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. 
This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an \"NFS Export Security Setting Fallback Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "NFS Export Security Setting Fallback Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-14387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4", + "version": { + "version_data": [ + { + "version_value": "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Dec/78", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Dec/78" - }, - { - "name" : "102292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. 
This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an \"NFS Export Security Setting Fallback Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NFS Export Security Setting Fallback Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Dec/78", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Dec/78" + }, + { + "name": "102292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102292" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14488.json b/2017/14xxx/CVE-2017-14488.json index 54b6940d81b..cf725c0ab9e 100644 --- a/2017/14xxx/CVE-2017-14488.json +++ b/2017/14xxx/CVE-2017-14488.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14488",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14488",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14731.json b/2017/14xxx/CVE-2017-14731.json
index 6d0a88cddca..9480b409d25 100644
--- a/2017/14xxx/CVE-2017-14731.json
+++ b/2017/14xxx/CVE-2017-14731.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14731",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14731",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20171126 [SECURITY] [DLA 1192-1] libofx security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html"
- },
- {
- "name" : "https://github.com/libofx/libofx/issues/10",
- "refsource" : "MISC",
- "url" : "https://github.com/libofx/libofx/issues/10"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[debian-lts-announce] 20171126 [SECURITY] [DLA 1192-1] libofx security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html"
+ },
+ {
+ "name": "https://github.com/libofx/libofx/issues/10",
+ "refsource": "MISC",
+ "url": "https://github.com/libofx/libofx/issues/10"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15181.json b/2017/15xxx/CVE-2017-15181.json
index 5c8c17874c7..a097251c40f 100644
--- a/2017/15xxx/CVE-2017-15181.json
+++ b/2017/15xxx/CVE-2017-15181.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15181",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15181",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15252.json b/2017/15xxx/CVE-2017-15252.json
index 2bf067ae98f..0e20ef02eb7 100644
--- a/2017/15xxx/CVE-2017-15252.json
+++ b/2017/15xxx/CVE-2017-15252.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15252", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb.\"" + } + ] + }, + "problemtype": { + 
"problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15252", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15252" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15552.json b/2017/15xxx/CVE-2017-15552.json index 62c2705f759..542e202b6dc 100644 --- a/2017/15xxx/CVE-2017-15552.json +++ b/2017/15xxx/CVE-2017-15552.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15552", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15552", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15884.json b/2017/15xxx/CVE-2017-15884.json index 74a9378e81a..52e0b61c387 100644 --- a/2017/15xxx/CVE-2017-15884.json +++ b/2017/15xxx/CVE-2017-15884.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15884",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15884",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "43222",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/43222/"
- },
- {
- "name" : "https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html",
- "refsource" : "MISC",
- "url" : "https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html",
+ "refsource": "MISC",
+ "url": "https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html"
+ },
+ {
+ "name": "43222",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/43222/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9106.json b/2017/9xxx/CVE-2017-9106.json
index 832c502bdaa..6100f529cf5 100644
--- a/2017/9xxx/CVE-2017-9106.json
+++ b/2017/9xxx/CVE-2017-9106.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9106",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9106",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9745.json b/2017/9xxx/CVE-2017-9745.json
index e3ad9ebf56e..507bad6b3cd 100644
--- a/2017/9xxx/CVE-2017-9745.json
+++ b/2017/9xxx/CVE-2017-9745.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21579", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" - }, - { - "name" : "99109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as 
distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99109" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21579", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9795.json b/2017/9xxx/CVE-2017-9795.json index 02565f13878..67a451f0101 100644 --- a/2017/9xxx/CVE-2017-9795.json +++ b/2017/9xxx/CVE-2017-9795.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2017-9795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Geode", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0 to 1.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2017-9795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Geode", + "version": { + "version_data": [ + { + "version_value": "1.0.0 to 1.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[user] 20180109 [SECURITY] CVE-2017-9795 Apache Geode OQL method invocation vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c93c5a6755956c7@%3Cuser.geode.apache.org%3E" - }, - { - "name" : "102488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102488" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[user] 20180109 [SECURITY] CVE-2017-9795 Apache Geode OQL method invocation vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c93c5a6755956c7@%3Cuser.geode.apache.org%3E" + }, + { + "name": "102488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102488" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9915.json b/2017/9xxx/CVE-2017-9915.json index 0eda2082a97..31aebc3dd6d 100644 --- a/2017/9xxx/CVE-2017-9915.json +++ b/2017/9xxx/CVE-2017-9915.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9915",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a \"Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9915",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9915",
- "refsource" : "MISC",
- "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9915"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a \"Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9915",
+ "refsource": "MISC",
+ "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9915"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9922.json b/2017/9xxx/CVE-2017-9922.json
index bc0f883e079..d4a95181060 100644
--- a/2017/9xxx/CVE-2017-9922.json
+++ b/2017/9xxx/CVE-2017-9922.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9922", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to \"Data from Faulting Address controls Branch Selection starting at 
ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9922", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9922" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0062.json b/2018/0xxx/CVE-2018-0062.json index b3d687e1cca..771ca9cebca 100644 --- a/2018/0xxx/CVE-2018-0062.json +++ b/2018/0xxx/CVE-2018-0062.json 
@@ -1,201 +1,201 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-10-10T16:00:00.000Z", - "ID" : "CVE-2018-0062", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: Denial of Service in J-Web" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "SRX Series", - "version_name" : "12.1X46", - "version_value" : "12.1X46-D77" - }, - { - "affected" : "<", - "version_name" : "12.3", - "version_value" : "12.3R12-S10" - }, - { - "affected" : "<", - "platform" : "SRX Series", - "version_name" : "12.3X48", - "version_value" : "12.3X48-D60" - }, - { - "affected" : "<", - "version_name" : "15.1", - "version_value" : "15.1R7" - }, - { - "affected" : "=", - "version_name" : "15.1F6", - "version_value" : "15.1F6" - }, - { - "affected" : "<", - "platform" : "SRX Series", - "version_name" : "15.1X49", - "version_value" : "15.1X49-D120" - }, - { - "affected" : "<", - "platform" : "EX2300/EX3400 Series", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D59" - }, - { - "affected" : "<", - "platform" : "QFX10K Series", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D67" - }, - { - "affected" : "<", - "platform" : "QFX5200/QFX5110 Series", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D234" - }, - { - "affected" : "<", - "platform" : "NFX Series", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D470, 15.1X53-D495" - }, - { - "affected" : "<", - "version_name" : "16.1", - "version_value" : "16.1R6" - }, - { - "affected" : "<", - "version_name" : "16.2", - "version_value" : "16.2R2-S6, 16.2R3" - }, - { - "affected" : "<", - "version_name" : "17.1", - "version_value" : "17.1R2-S6, 17.1R3" - }, - { - "affected" : "<", - "version_name" : "17.2", - "version_value" : "17.2R3" - }, - { - "affected" : "<", - "version_name" : "17.3", - "version_value" : "17.3R2" - } - 
] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [ - { - "lang" : "eng", - "value" : "The examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https" - } - ], - "credit" : [ - { - "lang" : "eng", - "value" : "Alex Chash from SecureCom Limited (https://www.securecom.co.nz)\n" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
- } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 5.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-10-10T16:00:00.000Z", + "ID": "CVE-2018-0062", + "STATE": "PUBLIC", + "TITLE": "Junos OS: Denial of Service in J-Web" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "SRX Series", + "version_name": "12.1X46", + "version_value": "12.1X46-D77" + }, + { + "affected": "<", + "version_name": "12.3", + "version_value": "12.3R12-S10" + }, + { + "affected": "<", + "platform": "SRX Series", + "version_name": "12.3X48", + "version_value": "12.3X48-D60" + }, + { + "affected": "<", + "version_name": "15.1", + "version_value": "15.1R7" + }, + { + "affected": "=", + "version_name": "15.1F6", + "version_value": "15.1F6" + }, + { + "affected": "<", + "platform": "SRX Series", + "version_name": "15.1X49", + "version_value": "15.1X49-D120" + }, + { + "affected": "<", + "platform": "EX2300/EX3400 Series", + "version_name": "15.1X53", + "version_value": "15.1X53-D59" + }, + { + "affected": "<", + "platform": "QFX10K Series", + "version_name": "15.1X53", + "version_value": "15.1X53-D67" + }, + { + "affected": "<", + "platform": "QFX5200/QFX5110 Series", + "version_name": "15.1X53", + "version_value": "15.1X53-D234" + }, + { + "affected": "<", + "platform": "NFX Series", + "version_name": "15.1X53", + "version_value": 
"15.1X53-D470, 15.1X53-D495" + }, + { + "affected": "<", + "version_name": "16.1", + "version_value": "16.1R6" + }, + { + "affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S6, 16.2R3" + }, + { + "affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S6, 17.1R3" + }, + { + "affected": "<", + "version_name": "17.2", + "version_value": "17.2R3" + }, + { + "affected": "<", + "version_name": "17.3", + "version_value": "17.3R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10897", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10897" - }, - { - "name" : "1041860", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041860" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10,12.3X48-D60, 15.1R7, 15.1X49-D120, 15.1X53-D234, 15.1X53-D470, 15.1X53-D495, 15.1X53-D59, 15.1X53-D67, 16.1R6, 16.2R2-S6, 16.2R3, 17.1R2-S6, 17.1R3, 17.2R3, 17.3R2, 17.4R1 and all subsequent releases.\n\n\n\n\n" - } - ], - "source" : { - "advisory" : "JSA10897", - "defect" : [ - "1264695" - ], - "discovery" : "EXTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "Limit access to J-Web from only trusted hosts, networks and administrators.\n" - } - ] -} + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Alex Chash from SecureCom Limited (https://www.securecom.co.nz)\n" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Denial of Service vulnerability in J-Web service may 
allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041860", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041860" + }, + { + "name": "https://kb.juniper.net/JSA10897", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10897" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10,12.3X48-D60, 15.1R7, 15.1X49-D120, 15.1X53-D234, 15.1X53-D470, 15.1X53-D495, 15.1X53-D59, 15.1X53-D67, 16.1R6, 16.2R2-S6, 16.2R3, 17.1R2-S6, 17.1R3, 17.2R3, 17.3R2, 17.4R1 and all subsequent releases.\n\n\n\n\n" + } + ], + "source": { + "advisory": "JSA10897", + "defect": [ + "1264695" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Limit access to J-Web from only trusted hosts, networks and administrators.\n" + } + ] +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0114.json b/2018/0xxx/CVE-2018-0114.json index 362d61426b1..f1c063343a9 100644 --- a/2018/0xxx/CVE-2018-0114.json +++ b/2018/0xxx/CVE-2018-0114.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Node-jose Library", - "version" : { - "version_data" : [ - { - "version_value" : "Node-jose Library" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-347" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Node-jose Library", + "version": { + "version_data": [ + { + "version_value": "Node-jose Library" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44324", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44324/" - }, - { - "name" : "https://github.com/zi0Black/POC-CVE-2018-0114", - "refsource" : "MISC", - "url" : "https://github.com/zi0Black/POC-CVE-2018-0114" - }, - { - "name" : "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md" - }, - { - "name" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326" - }, - { - "name" : "102445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. 
An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326" + }, + { + "name": "https://github.com/zi0Black/POC-CVE-2018-0114", + "refsource": "MISC", + "url": "https://github.com/zi0Black/POC-CVE-2018-0114" + }, + { + "name": "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md" + }, + { + "name": "44324", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44324/" + }, + { + "name": "102445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102445" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0162.json b/2018/0xxx/CVE-2018-0162.json index 66a00f771d7..e0ad67b5c89 100644 --- a/2018/0xxx/CVE-2018-0162.json +++ b/2018/0xxx/CVE-2018-0162.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0162", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0162", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0183.json b/2018/0xxx/CVE-2018-0183.json index 5253cd5d932..ead3fdab2b4 100644 --- a/2018/0xxx/CVE-2018-0183.json +++ b/2018/0xxx/CVE-2018-0183.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3" - }, - { - "name" : "103555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3" + }, + { + "name": "103555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103555" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0579.json b/2018/0xxx/CVE-2018-0579.json index bf077d7ef07..4c980588b68 100644 --- a/2018/0xxx/CVE-2018-0579.json +++ b/2018/0xxx/CVE-2018-0579.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Open Graph for Facebook, Google+ and Twitter Card Tags", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 2.2.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Webdados" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Graph for Facebook, Google+ and Twitter Card Tags", + "version": { + "version_data": [ + { + "version_value": "prior to version 2.2.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Webdados" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers" - }, - { - "name" : "JVN#08386386", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN08386386/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#08386386", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN08386386/index.html" + }, + { + "name": "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000828.json b/2018/1000xxx/CVE-2018-1000828.json index d0986d05bc9..b1e5c69c304 100644 --- a/2018/1000xxx/CVE-2018-1000828.json +++ b/2018/1000xxx/CVE-2018-1000828.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.464913", - "DATE_REQUESTED" : "2018-10-28T03:59:08", - "ID" : "CVE-2018-1000828", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FrostWire", - "version" : { - "version_data" : [ - { - "version_value" : "<= frostwire-desktop-6.7.4-build-272" - } - ] - } - } - ] - }, - "vendor_name" : "FrostWire" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.464913", + "DATE_REQUESTED": "2018-10-28T03:59:08", + "ID": "CVE-2018-1000828", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/" - }, - { - "name" : "https://github.com/frostwire/frostwire/issues/829", - "refsource" : "MISC", - "url" : "https://github.com/frostwire/frostwire/issues/829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/" + }, + { + "name": "https://github.com/frostwire/frostwire/issues/829", + "refsource": "MISC", + "url": "https://github.com/frostwire/frostwire/issues/829" + } + ] + } +} \ No newline at end of file 
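Review bot: The new side of CVE-2018-1000828.json overwrites populated fields with placeholders: `product_name` and `vendor_name` go from `FrostWire` to `n/a`, `version_value` goes from `<= frostwire-desktop-6.7.4-build-272` to `n/a`, and the problemtype value goes from `XML External Entity (XXE)` to `n/a`, while the rest of the hunk only changes spacing around the colons. Tooling that matches on the affects block or the problemtype for triage loses the structured product and weakness for this record, and the affected version now survives only in the free-text description. If this is not intended, keep `"product_name": "FrostWire"`, `"version_value": "<= frostwire-desktop-6.7.4-build-272"` and `"value": "XML External Entity (XXE)"` on the new side. The CVE-2018-1000863.json hunk does the same to the Jenkins record (version `2.153 and earlier, LTS 2.138.3 and earlier`, problemtype `CWE-20`). Both hunks also change `ASSIGNER` from `kurt@seifried.org` to `cve@mitre.org`, which may be deliberate but is worth confirming, because it is mixed into a formatting change.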
diff --git a/2018/1000xxx/CVE-2018-1000863.json b/2018/1000xxx/CVE-2018-1000863.json index 2c914b89496..9f3b56b0a45 100644 --- a/2018/1000xxx/CVE-2018-1000863.json +++ b/2018/1000xxx/CVE-2018-1000863.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-09T22:34:33.130546", - "ID" : "CVE-2018-1000863", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.153 and earlier, LTS 2.138.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-09T22:34:33.130546", + "ID": "CVE-2018-1000863", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-43", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-43" - }, - { - "name" : "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072" - }, - { - "name" : "RHBA-2019:0024", - "refsource" : 
"REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2019:0024" - }, - { - "name" : "106176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072" + }, + { + "name": "RHBA-2019:0024", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2019:0024" + }, + { + "name": "106176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106176" + }, + { + "name": "https://www.tenable.com/security/research/tra-2018-43", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-43" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12910.json b/2018/12xxx/CVE-2018-12910.json index 11d88402393..5de6381a3dc 100644 --- a/2018/12xxx/CVE-2018-12910.json +++ b/2018/12xxx/CVE-2018-12910.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1416-1] libsoup2.4 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00007.html" - }, - { - "name" : "https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047", - "refsource" : "CONFIRM", - "url" : "https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047" - }, - { - "name" : "https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f", - "refsource" : "CONFIRM", - "url" : "https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f" - }, - { - "name" : "https://gitlab.gnome.org/GNOME/libsoup/issues/3", - "refsource" : "CONFIRM", - "url" : 
"https://gitlab.gnome.org/GNOME/libsoup/issues/3" - }, - { - "name" : "DSA-4241", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4241" - }, - { - "name" : "FEDORA-2018-fb2afee474", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SBREWZ3EEDYWG6PCLWL2EJ24ME5ZFAX6/" - }, - { - "name" : "RHSA-2018:3140", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3140" - }, - { - "name" : "RHSA-2018:3505", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3505" - }, - { - "name" : "USN-3701-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3701-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2018-fb2afee474", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SBREWZ3EEDYWG6PCLWL2EJ24ME5ZFAX6/" + }, + { + "name": "https://gitlab.gnome.org/GNOME/libsoup/issues/3", + "refsource": "CONFIRM", + "url": "https://gitlab.gnome.org/GNOME/libsoup/issues/3" + }, + { + "name": "RHSA-2018:3505", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3505" + }, + { + "name": "DSA-4241", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4241" + }, + { + "name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1416-1] libsoup2.4 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00007.html" + }, + { + "name": "USN-3701-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3701-1/" + }, + { + "name": "RHSA-2018:3140", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3140" + }, + { + "name": "https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047", + "refsource": "CONFIRM", + "url": "https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047" + }, + { + "name": "https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f", + "refsource": "CONFIRM", + "url": "https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16259.json b/2018/16xxx/CVE-2018-16259.json index ae5c49361f8..c22a88b9535 100644 --- a/2018/16xxx/CVE-2018-16259.json +++ b/2018/16xxx/CVE-2018-16259.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16342.json b/2018/16xxx/CVE-2018-16342.json index 17e96fd5fc2..02ccd0a25fa 100644 --- a/2018/16xxx/CVE-2018-16342.json +++ b/2018/16xxx/CVE-2018-16342.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ShowDoc v1.8.0 has XSS via a new page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/star7th/showdoc/issues/325", - "refsource" : "MISC", - "url" : "https://github.com/star7th/showdoc/issues/325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ShowDoc v1.8.0 has XSS via a new page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/star7th/showdoc/issues/325", + "refsource": "MISC", + "url": "https://github.com/star7th/showdoc/issues/325" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16700.json b/2018/16xxx/CVE-2018-16700.json index a4f8fdd03de..e7be9739a82 100644 --- a/2018/16xxx/CVE-2018-16700.json 
+++ b/2018/16xxx/CVE-2018-16700.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16700", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16700", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19965.json b/2018/19xxx/CVE-2018-19965.json index dd7ac0a3736..45addcf3a34 100644 --- a/2018/19xxx/CVE-2018-19965.json +++ b/2018/19xxx/CVE-2018-19965.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xenbits.xen.org/xsa/advisory-279.html", - "refsource" : "MISC", - "url" : "https://xenbits.xen.org/xsa/advisory-279.html" - }, - { - "name" : "https://support.citrix.com/article/CTX239432", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX239432" - }, - { - "name" : "DSA-4369", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4369" - }, - { - "name" : "106182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX239432", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX239432" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-279.html", + "refsource": "MISC", + "url": "https://xenbits.xen.org/xsa/advisory-279.html" + }, + { + "name": "DSA-4369", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4369" + }, + { + "name": "106182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106182" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4138.json b/2018/4xxx/CVE-2018-4138.json index 9d368fe867b..547312113c9 100644 --- a/2018/4xxx/CVE-2018-4138.json +++ b/2018/4xxx/CVE-2018-4138.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"NVIDIA Graphics Drivers\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208692", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208692" - }, - { - "name" : "103582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103582" - }, - { - "name" : "1040608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"NVIDIA Graphics Drivers\" component. 
It allows attackers to bypass intended memory-read restrictions via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208692", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208692" + }, + { + "name": "103582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103582" + }, + { + "name": "1040608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040608" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4297.json b/2018/4xxx/CVE-2018-4297.json index 20d7aec57c6..fb5473ec231 100644 --- a/2018/4xxx/CVE-2018-4297.json +++ b/2018/4xxx/CVE-2018-4297.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4701.json b/2018/4xxx/CVE-2018-4701.json index 5e5a4305d59..8510d061741 100644 
--- a/2018/4xxx/CVE-2018-4701.json +++ b/2018/4xxx/CVE-2018-4701.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file