From c6d36c98b2e93ea83f13d64a021c1e75b263a907 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:34:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0041.json | 180 +++++++++---------- 2008/0xxx/CVE-2008-0245.json | 140 +++++++-------- 2008/0xxx/CVE-2008-0292.json | 130 +++++++------- 2008/0xxx/CVE-2008-0393.json | 150 ++++++++-------- 2008/0xxx/CVE-2008-0858.json | 160 ++++++++--------- 2008/0xxx/CVE-2008-0933.json | 170 +++++++++--------- 2008/1xxx/CVE-2008-1414.json | 180 +++++++++---------- 2008/1xxx/CVE-2008-1435.json | 180 +++++++++---------- 2008/1xxx/CVE-2008-1465.json | 150 ++++++++-------- 2008/1xxx/CVE-2008-1677.json | 190 ++++++++++---------- 2008/1xxx/CVE-2008-1852.json | 180 +++++++++---------- 2008/4xxx/CVE-2008-4695.json | 280 ++++++++++++++--------------- 2008/4xxx/CVE-2008-4743.json | 150 ++++++++-------- 2008/5xxx/CVE-2008-5096.json | 140 +++++++-------- 2008/5xxx/CVE-2008-5275.json | 150 ++++++++-------- 2013/2xxx/CVE-2013-2132.json | 200 ++++++++++----------- 2013/2xxx/CVE-2013-2685.json | 130 +++++++------- 2013/3xxx/CVE-2013-3390.json | 120 ++++++------- 2013/3xxx/CVE-2013-3732.json | 34 ++-- 2013/4xxx/CVE-2013-4300.json | 180 +++++++++---------- 2013/4xxx/CVE-2013-4448.json | 34 ++-- 2013/4xxx/CVE-2013-4572.json | 34 ++-- 2013/4xxx/CVE-2013-4618.json | 34 ++-- 2013/4xxx/CVE-2013-4806.json | 140 +++++++-------- 2013/6xxx/CVE-2013-6505.json | 34 ++-- 2013/6xxx/CVE-2013-6794.json | 120 ++++++------- 2013/6xxx/CVE-2013-6808.json | 130 +++++++------- 2013/6xxx/CVE-2013-6846.json | 34 ++-- 2013/6xxx/CVE-2013-6971.json | 160 ++++++++--------- 2013/7xxx/CVE-2013-7113.json | 200 ++++++++++----------- 2017/10xxx/CVE-2017-10228.json | 142 +++++++-------- 2017/10xxx/CVE-2017-10242.json | 142 +++++++-------- 2017/10xxx/CVE-2017-10348.json | 316 ++++++++++++++++----------------- 2017/10xxx/CVE-2017-10484.json | 34 ++-- 2017/10xxx/CVE-2017-10728.json | 120 ++++++------- 2017/12xxx/CVE-2017-12867.json | 140 +++++++-------- 2017/13xxx/CVE-2017-13043.json | 180 +++++++++---------- 2017/13xxx/CVE-2017-13449.json | 34 ++-- 2017/13xxx/CVE-2017-13640.json | 34 ++-- 2017/13xxx/CVE-2017-13958.json | 34 ++-- 2017/17xxx/CVE-2017-17728.json | 34 ++-- 2017/9xxx/CVE-2017-9118.json | 130 +++++++------- 2017/9xxx/CVE-2017-9235.json | 34 ++-- 2017/9xxx/CVE-2017-9382.json | 34 ++-- 2018/0xxx/CVE-2018-0350.json | 130 +++++++------- 2018/0xxx/CVE-2018-0493.json | 140 +++++++-------- 2018/0xxx/CVE-2018-0830.json | 142 +++++++-------- 2018/18xxx/CVE-2018-18163.json | 34 ++-- 2018/18xxx/CVE-2018-18307.json | 120 ++++++------- 2018/18xxx/CVE-2018-18336.json | 162 ++++++++--------- 2018/18xxx/CVE-2018-18974.json | 34 ++-- 2018/19xxx/CVE-2018-19130.json | 120 ++++++------- 2018/19xxx/CVE-2018-19226.json | 120 ++++++------- 2018/19xxx/CVE-2018-19779.json | 34 ++-- 2018/19xxx/CVE-2018-19970.json | 140 +++++++-------- 2018/19xxx/CVE-2018-19982.json | 120 ++++++------- 2018/1xxx/CVE-2018-1429.json | 200 ++++++++++----------- 2018/1xxx/CVE-2018-1591.json | 34 ++-- 2018/1xxx/CVE-2018-1679.json | 218 +++++++++++------------ 2018/1xxx/CVE-2018-1824.json | 226 +++++++++++------------ 60 files changed, 3748 insertions(+), 3748 deletions(-) diff --git a/2008/0xxx/CVE-2008-0041.json b/2008/0xxx/CVE-2008-0041.json index 171819799b1..7428aae40ea 100644 --- a/2008/0xxx/CVE-2008-0041.json +++ b/2008/0xxx/CVE-2008-0041.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com \"when a website is unblocked,\" which allows remote attackers to determine when a system is running Parental Controls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307430", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307430" - }, - { - "name" : "APPLE-SA-2008-02-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html" - }, - { - "name" : "TA08-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-043B.html" - }, - { - "name" : "27736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27736" - }, - { - "name" : "ADV-2008-0495", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0495/references" - }, - { - "name" : "1019363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019363" - }, - { - "name" : "28891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com \"when a website is unblocked,\" which allows remote attackers to determine when a system is running Parental Controls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.info.apple.com/article.html?artnum=307430", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307430" + }, + { + "name": "28891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28891" + }, + { + "name": "1019363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019363" + }, + { + "name": "ADV-2008-0495", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0495/references" + }, + { + "name": "27736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27736" + }, + { + "name": "TA08-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html" + }, + { + "name": "APPLE-SA-2008-02-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0245.json b/2008/0xxx/CVE-2008-0245.json index 6e624853f28..11797c34095 100644 --- a/2008/0xxx/CVE-2008-0245.json +++ b/2008/0xxx/CVE-2008-0245.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4871", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4871" - }, - { - "name" : "27203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27203" - }, - { - "name" : "uploadimage-admin-command-execution(39571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27203" + }, + { + "name": "4871", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4871" + }, + { + "name": "uploadimage-admin-command-execution(39571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39571" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0292.json b/2008/0xxx/CVE-2008-0292.json index 49f82dcf0ff..c41a8f6929e 100644 --- a/2008/0xxx/CVE-2008-0292.json +++ b/2008/0xxx/CVE-2008-0292.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28501" - }, - { - "name" : "dansiephotoalbum-photoalbum-xss(39664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28501" + }, + { + "name": "dansiephotoalbum-photoalbum-xss(39664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39664" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0393.json b/2008/0xxx/CVE-2008-0393.json index e391d05cdf2..0175733f45e 100644 --- a/2008/0xxx/CVE-2008-0393.json +++ b/2008/0xxx/CVE-2008-0393.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4936", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4936" - }, - { - "name" : "27343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27343" - }, - { - "name" : "28520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28520" - }, - { - "name" : "gradman-info-file-include(39768)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gradman-info-file-include(39768)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39768" + }, + { + "name": "4936", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4936" + }, + { + "name": "27343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27343" + }, + { + "name": "28520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28520" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0858.json b/2008/0xxx/CVE-2008-0858.json index 6050066b39f..e2c6e726965 100644 --- a/2008/0xxx/CVE-2008-0858.json +++ b/2008/0xxx/CVE-2008-0858.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kerio.com/kms_history.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/kms_history.html" - }, - { - "name" : "27868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27868" - }, - { - "name" : "ADV-2008-0594", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0594" - }, - { - "name" : "1019428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019428" - }, - { - "name" : "29021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019428" + }, + { + "name": "ADV-2008-0594", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0594" + }, + { + "name": "29021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29021" + }, + { + "name": "27868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27868" + }, + { + "name": "http://www.kerio.com/kms_history.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/kms_history.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0933.json b/2008/0xxx/CVE-2008-0933.json index ef87a71afe3..8313c2db230 100644 --- a/2008/0xxx/CVE-2008-0933.json +++ b/2008/0xxx/CVE-2008-0933.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "231466", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231466-1" - }, - { - "name" : "27941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27941" - }, - { - "name" : "ADV-2008-0642", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0642" - }, - { - "name" : "oval:org.mitre.oval:def:5476", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5476" - }, - { - "name" : "1019490", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019490" - }, - { - "name" : "29052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29052" + }, + { + "name": "oval:org.mitre.oval:def:5476", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5476" + }, + { + "name": "231466", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231466-1" + }, + { + "name": "1019490", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019490" + }, + { + "name": "27941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27941" + }, + { + "name": "ADV-2008-0642", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0642" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1414.json b/2008/1xxx/CVE-2008-1414.json index 1170d79dae3..4e458d036f7 100644 --- a/2008/1xxx/CVE-2008-1414.json +++ b/2008/1xxx/CVE-2008-1414.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080317 Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489689/100/0/threaded" - }, - { - "name" : "5262", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5262" - }, - { - "name" : "28263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28263" - }, - { - "name" : "ADV-2008-0911", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0911/references" - }, - { - "name" : "29416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29416" - }, - { - "name" : "3756", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3756" - }, - { - "name" : "mts-index-xss(41227)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5262", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5262" + }, + { + "name": "ADV-2008-0911", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0911/references" + }, + { + "name": "3756", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3756" + }, + { + "name": "20080317 Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489689/100/0/threaded" + }, + { + "name": "28263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28263" + }, + { + "name": "29416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29416" + }, + { + "name": "mts-index-xss(41227)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41227" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1435.json b/2008/1xxx/CVE-2008-1435.json index 7e8773f2cab..4edf101d7ea 100644 --- a/2008/1xxx/CVE-2008-1435.json +++ b/2008/1xxx/CVE-2008-1435.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka \"Windows Saved Search Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-1435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS08-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038" - }, - { - "name" : "TA08-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" - }, - { - "name" : "30109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30109" - }, - { - "name" : "oval:org.mitre.oval:def:5600", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5600" - }, - { - "name" : "ADV-2008-2020", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2020/references" - }, - { - "name" : "1020436", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020436" - }, - { - "name" : "30953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka \"Windows Saved Search Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5600", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5600" + }, + { + "name": "MS08-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038" + }, + { + "name": "30953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30953" + }, + { + "name": "1020436", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020436" + }, + { + "name": "ADV-2008-2020", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2020/references" + }, + { + "name": "30109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30109" + }, + { + "name": "TA08-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1465.json b/2008/1xxx/CVE-2008-1465.json index 4693c1f913d..6e0961a7ee9 100644 --- a/2008/1xxx/CVE-2008-1465.json +++ b/2008/1xxx/CVE-2008-1465.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5280", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5280" - }, - { - "name" : "28324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28324" - }, - { - "name" : "29471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29471" - }, - { - "name" : "restaurante-index-sql-injection(41283)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5280", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5280" + }, + { + "name": "28324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28324" + }, + { + "name": "29471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29471" + }, + { + "name": "restaurante-index-sql-injection(41283)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41283" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1677.json b/2008/1xxx/CVE-2008-1677.json index 1b6d4ed082f..7364ab4f40c 100644 --- a/2008/1xxx/CVE-2008-1677.json +++ b/2008/1xxx/CVE-2008-1677.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=444712", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=444712" - }, - { - "name" : "RHSA-2008:0268", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0268.html" - }, - { - "name" : "RHSA-2008:0269", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0269.html" - }, - { - "name" : "29126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29126" - }, - { - "name" : "1020001", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020001" - }, - { - "name" : "30181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30181" - }, - { - "name" : "30185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30185" - }, - { - "name" : "rhds-fedora-expression-bo(42332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29126" + }, + { + "name": "1020001", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020001" + }, + { + "name": "RHSA-2008:0268", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0268.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=444712", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=444712" + }, + { + "name": "30185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30185" + }, + { + "name": "30181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30181" + }, + { + "name": "rhds-fedora-expression-bo(42332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42332" + }, + { + "name": "RHSA-2008:0269", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0269.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1852.json b/2008/1xxx/CVE-2008-1852.json index 1241c724c16..df3a1bcac5e 100644 --- a/2008/1xxx/CVE-2008-1852.json +++ b/2008/1xxx/CVE-2008-1852.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080411 Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490771" - }, - { - "name" : "http://aluigi.altervista.org/adv/closedviewx-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/closedviewx-adv.txt" - }, - { - "name" : "28745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28745" - }, - { - "name" : "ADV-2008-1214", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1214/references" - }, - { - "name" : "1019839", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019839" - }, - { - "name" : "29796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29796" - }, - { - "name" : "hp-nnm-ovalarmsrv-dos(41695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019839", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019839" + }, + { + "name": "29796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29796" + }, + { + "name": "28745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28745" + }, + { + "name": "hp-nnm-ovalarmsrv-dos(41695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41695" + }, + { + "name": "20080411 Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490771" + }, + { + "name": "ADV-2008-1214", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1214/references" + }, + { + "name": "http://aluigi.altervista.org/adv/closedviewx-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/closedviewx-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4695.json b/2008/4xxx/CVE-2008-4695.json index 0ed675f0838..e9d2e301183 100644 --- a/2008/4xxx/CVE-2008-4695.json +++ b/2008/4xxx/CVE-2008-4695.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081021 CVE Request: Opera 9.60 with security fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/21/5" - }, - { - "name" : "[oss-security] 20081022 Re: CVE Request: Opera 9.60 with security fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/22/5" - }, - { - "name" : "http://www.opera.com/docs/changelogs/freebsd/960/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/freebsd/960/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/linux/960/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/960/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/960/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/960/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/solaris/960/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/solaris/960/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/960/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/960/" - }, - { - "name" : "http://www.opera.com/support/search/view/902/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/902/" - }, - { - "name" : "GLSA-200811-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-01.xml" - }, - { - "name" : "SUSE-SR:2008:022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html" - }, - { - "name" : "31643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31643" - }, - { - "name" : "32538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32538" - }, - { - "name" : "ADV-2008-2765", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2765" - }, - { - "name" : "1021017", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021017" - }, - { - "name" : "32177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32177" - }, - { - "name" : "32394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32394" - }, - { - "name" : "opera-java-applets-information-disclosure(45723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31643" + }, + { + "name": "32394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32394" + }, + { + "name": "32538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32538" + }, + { + "name": "http://www.opera.com/docs/changelogs/solaris/960/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/solaris/960/" + }, + { + "name": "[oss-security] 20081022 Re: CVE Request: Opera 9.60 with security fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/22/5" + }, + { + "name": "1021017", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021017" + }, + { + "name": "[oss-security] 20081021 CVE Request: Opera 9.60 with security fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/21/5" + }, + { + "name": "32177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32177" + }, + { + "name": "opera-java-applets-information-disclosure(45723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45723" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/960/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/960/" + }, + { + "name": "SUSE-SR:2008:022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html" + }, + { + "name": "http://www.opera.com/docs/changelogs/linux/960/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/960/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/960/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/960/" + }, + { + "name": "ADV-2008-2765", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2765" + }, + { + "name": "http://www.opera.com/support/search/view/902/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/902/" + }, + { + "name": "http://www.opera.com/docs/changelogs/freebsd/960/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/freebsd/960/" + }, + { + "name": "GLSA-200811-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4743.json b/2008/4xxx/CVE-2008-4743.json index 4907d7ea15f..d725bd75a30 100644 --- a/2008/4xxx/CVE-2008-4743.json +++ b/2008/4xxx/CVE-2008-4743.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/0808-exploits/faqman-sql.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0808-exploits/faqman-sql.txt" - }, - { - "name" : "30775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30775" - }, - { - "name" : "32052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32052" - }, - { - "name" : "faq-management-index-sql-injection(44583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30775" + }, + { + "name": "http://www.packetstormsecurity.org/0808-exploits/faqman-sql.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0808-exploits/faqman-sql.txt" + }, + { + "name": "32052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32052" + }, + { + "name": "faq-management-index-sql-injection(44583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44583" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5096.json b/2008/5xxx/CVE-2008-5096.json index ee83901d418..3b6798e7ddd 100644 --- a/2008/5xxx/CVE-2008-5096.json +++ b/2008/5xxx/CVE-2008-5096.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/" - }, - { - "name" : "31262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31262" - }, - { - "name" : "filelist-unspecified-information-disclosure(45258)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31262" + }, + { + "name": "filelist-unspecified-information-disclosure(45258)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45258" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5275.json b/2008/5xxx/CVE-2008-5275.json index e0a90983f25..c4facdac7f9 100644 --- a/2008/5xxx/CVE-2008-5275.json +++ b/2008/5xxx/CVE-2008-5275.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the (a) \"Unzip archive\" and (b) \"Upload files and archives\" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vuln.sg/net2ftp096-en.html", - "refsource" : "MISC", - "url" : "http://vuln.sg/net2ftp096-en.html" - }, - { - "name" : "29664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29664" - }, - { - "name" : "30611", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30611" - }, - { - "name" : "net2ftp-requesthandling-code-execution(42994)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the (a) \"Unzip archive\" and (b) \"Upload files and archives\" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "net2ftp-requesthandling-code-execution(42994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42994" + }, + { + "name": "http://vuln.sg/net2ftp096-en.html", + "refsource": "MISC", + "url": "http://vuln.sg/net2ftp096-en.html" + }, + { + "name": "29664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29664" + }, + { + "name": "30611", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30611" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2132.json b/2013/2xxx/CVE-2013-2132.json index 9606a9dc859..e552397382b 100644 --- a/2013/2xxx/CVE-2013-2132.json +++ b/2013/2xxx/CVE-2013-2132.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130531 Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/447" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597" - }, - { - "name" : "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2", - "refsource" : "MISC", - "url" : "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2" - }, - { - "name" : "https://jira.mongodb.org/browse/PYTHON-532", - "refsource" : "MISC", - "url" : "https://jira.mongodb.org/browse/PYTHON-532" - }, - { - "name" : "DSA-2705", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2705" - }, - { - "name" : "openSUSE-SU-2013:1064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html" - }, - { - "name" : "USN-1897-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1897-1" - }, - { - "name" : "60252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60252" - }, - { - "name" : "93804", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/93804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html" + }, + { + "name": "USN-1897-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1897-1" + }, + { + "name": "93804", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/93804" + }, + { + "name": "https://jira.mongodb.org/browse/PYTHON-532", + "refsource": "MISC", + "url": "https://jira.mongodb.org/browse/PYTHON-532" + }, + { + "name": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2", + "refsource": "MISC", + "url": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2" + }, + { + "name": "[oss-security] 20130531 Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/447" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597" + }, + { + "name": "DSA-2705", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2705" + }, + { + "name": "60252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60252" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2685.json b/2013/2xxx/CVE-2013-2685.json index ba33dfdba13..a7ffd63c254 100644 --- a/2013/2xxx/CVE-2013-2685.json +++ b/2013/2xxx/CVE-2013-2685.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2013-001.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2013-001.html" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-20901", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-20901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.asterisk.org/pub/security/AST-2013-001.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html" + }, + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-20901", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3390.json b/2013/3xxx/CVE-2013-3390.json index 7eb95ccfb85..8d67ee3a9d8 100644 --- a/2013/3xxx/CVE-2013-3390.json +++ b/2013/3xxx/CVE-2013-3390.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug ID CSCub59158." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130821 Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug ID CSCub59158." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130821 Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3732.json b/2013/3xxx/CVE-2013-3732.json index a97c7996792..422e01f268f 100644 --- a/2013/3xxx/CVE-2013-3732.json +++ b/2013/3xxx/CVE-2013-3732.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3732", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3732", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4300.json b/2013/4xxx/CVE-2013-4300.json index ce07858d0ab..eef059c0815 100644 --- a/2013/4xxx/CVE-2013-4300.json +++ b/2013/4xxx/CVE-2013-4300.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130904 Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/05/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d661684cf6820331feae71146c35da83d794467e", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d661684cf6820331feae71146c35da83d794467e" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1004736", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1004736" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2" - }, - { - "name" : "USN-1995-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1995-1" - }, - { - "name" : "USN-1998-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1998-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d661684cf6820331feae71146c35da83d794467e", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d661684cf6820331feae71146c35da83d794467e" + }, + { + "name": "USN-1995-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1995-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736" + }, + { + "name": "[oss-security] 20130904 Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/05/3" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2" + }, + { + "name": "USN-1998-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1998-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4448.json b/2013/4xxx/CVE-2013-4448.json index 6d54858bf02..ace34072575 100644 --- a/2013/4xxx/CVE-2013-4448.json +++ b/2013/4xxx/CVE-2013-4448.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4448", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4448", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4572.json b/2013/4xxx/CVE-2013-4572.json index c21915c8107..639b9bf39a5 100644 --- a/2013/4xxx/CVE-2013-4572.json +++ b/2013/4xxx/CVE-2013-4572.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4572", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4572", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4618.json b/2013/4xxx/CVE-2013-4618.json index a4ac169f65b..610d10a676e 100644 --- a/2013/4xxx/CVE-2013-4618.json +++ b/2013/4xxx/CVE-2013-4618.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4618", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4618", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4806.json b/2013/4xxx/CVE-2013-4806.json index 77fc4476351..9e66d3fe68a 100644 --- a/2013/4xxx/CVE-2013-4806.json +++ b/2013/4xxx/CVE-2013-4806.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF02912", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03880910" - }, - { - "name" : "SSRT101224", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03880910" - }, - { - "name" : "VU#229804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/229804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBHF02912", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03880910" + }, + { + "name": "SSRT101224", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03880910" + }, + { + "name": "VU#229804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/229804" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6505.json b/2013/6xxx/CVE-2013-6505.json index 88a7e11412b..25bd3b4234f 100644 --- a/2013/6xxx/CVE-2013-6505.json +++ b/2013/6xxx/CVE-2013-6505.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6505", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6505", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6794.json b/2013/6xxx/CVE-2013-6794.json index eac44cb63a7..8146cd8b970 100644 --- a/2013/6xxx/CVE-2013-6794.json +++ b/2013/6xxx/CVE-2013-6794.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "55423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55423" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6808.json b/2013/6xxx/CVE-2013-6808.json index 6a50ed6d862..58a0eb66091 100644 --- a/2013/6xxx/CVE-2013-6808.json +++ b/2013/6xxx/CVE-2013-6808.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.packetlabs.net/cve-2013-6808/", - "refsource" : "MISC", - "url" : "https://www.packetlabs.net/cve-2013-6808/" - }, - { - "name" : "http://www.zend.to/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.zend.to/changelog.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.packetlabs.net/cve-2013-6808/", + "refsource": "MISC", + "url": "https://www.packetlabs.net/cve-2013-6808/" + }, + { + "name": "http://www.zend.to/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.zend.to/changelog.php" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6846.json b/2013/6xxx/CVE-2013-6846.json index 433ff69bd79..56b9235f227 100644 --- a/2013/6xxx/CVE-2013-6846.json +++ b/2013/6xxx/CVE-2013-6846.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6846", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6846", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6971.json b/2013/6xxx/CVE-2013-6971.json index bd0afbc16fb..bd344172140 100644 --- a/2013/6xxx/CVE-2013-6971.json +++ b/2013/6xxx/CVE-2013-6971.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146" - }, - { - "name" : "20131212 Cisco WebEx Training Center Open Redirect Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971" - }, - { - "name" : "100910", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100910" - }, - { - "name" : "1029492", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029492" - }, - { - "name" : "cisco-webex-cve20136971-open-redirect(89653)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029492", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029492" + }, + { + "name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146" + }, + { + "name": "cisco-webex-cve20136971-open-redirect(89653)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653" + }, + { + "name": "100910", + "refsource": "OSVDB", + "url": "http://osvdb.org/100910" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7113.json b/2013/7xxx/CVE-2013-7113.json index e5ce4006b74..1b564148636 100644 --- a/2013/7xxx/CVE-2013-7113.json +++ b/2013/7xxx/CVE-2013-7113.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk-1.10/epan/dissectors/packet-bssgp.c?r1=53803&r2=53802&pathrev=53803", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk-1.10/epan/dissectors/packet-bssgp.c?r1=53803&r2=53802&pathrev=53803" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=53803", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=53803" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-67.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-67.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488" - }, - { - "name" : "DSA-2825", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2825" - }, - { - "name" : "openSUSE-SU-2014:0013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00007.html" - }, - { - "name" : "openSUSE-SU-2014:0017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00011.html" - }, - { - "name" : "56052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56052" - }, - { - "name" : "56313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=53803", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=53803" + }, + { + "name": "56052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56052" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-67.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-67.html" + }, + { + "name": "openSUSE-SU-2014:0013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00007.html" + }, + { + "name": "DSA-2825", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2825" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk-1.10/epan/dissectors/packet-bssgp.c?r1=53803&r2=53802&pathrev=53803", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk-1.10/epan/dissectors/packet-bssgp.c?r1=53803&r2=53802&pathrev=53803" + }, + { + "name": "56313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56313" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488" + }, + { + "name": "openSUSE-SU-2014:0017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00011.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10228.json b/2017/10xxx/CVE-2017-10228.json index ca5084e70de..78ca5e09284 100644 --- a/2017/10xxx/CVE-2017-10228.json +++ b/2017/10xxx/CVE-2017-10228.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Cruise Shipboard Property Management System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Module). The supported version that is affected is 8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Shipboard Property Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99695" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Module). The supported version that is affected is 8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99695" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10242.json b/2017/10xxx/CVE-2017-10242.json index 97f0733b947..a85a63f5306 100644 --- a/2017/10xxx/CVE-2017-10242.json +++ b/2017/10xxx/CVE-2017-10242.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.1.24" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.24" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99689" - }, - { - "name" : "1038929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038929" + }, + { + "name": "99689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99689" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10348.json b/2017/10xxx/CVE-2017-10348.json index 7d5463f4d71..3da51e06100 100644 --- a/2017/10xxx/CVE-2017-10348.json +++ b/2017/10xxx/CVE-2017-10348.json @@ -1,160 +1,160 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u161" - }, - { - "version_affected" : "=", - "version_value" : "7u151" - }, - { - "version_affected" : "=", - "version_value" : "8u144" - }, - { - "version_affected" : "=", - "version_value" : "9; Java SE Embedded: 8u144" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u161" + }, + { + "version_affected": "=", + "version_value": "7u151" + }, + { + "version_affected": "=", + "version_value": "8u144" + }, + { + "version_affected": "=", + "version_value": "9; Java SE Embedded: 8u144" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171019-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171019-0001/" - }, - { - "name" : "DSA-4015", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4015" - }, - { - "name" : "DSA-4048", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4048" - }, - { - "name" : "GLSA-201710-31", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-31" - }, - { - "name" : "GLSA-201711-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-14" - }, - { - "name" : "RHSA-2017:3264", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3264" - }, - { - "name" : "RHSA-2017:3267", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3267" - }, - { - "name" : "RHSA-2017:3268", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3268" - }, - { - "name" : "RHSA-2017:2998", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2998" - }, - { - "name" : "RHSA-2017:3392", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3392" - }, - { - "name" : "RHSA-2017:3046", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3046" - }, - { - "name" : "RHSA-2017:3047", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3047" - }, - { - "name" : "RHSA-2017:2999", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2999" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "101354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101354" - }, - { - "name" : "1039596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3047", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3047" + }, + { + "name": "GLSA-201711-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-14" + }, + { + "name": "DSA-4015", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4015" + }, + { + "name": "RHSA-2017:3267", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3267" + }, + { + "name": "RHSA-2017:2998", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2998" + }, + { + "name": "RHSA-2017:3268", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3268" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2017:3046", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3046" + }, + { + "name": "101354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101354" + }, + { + "name": "1039596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039596" + }, + { + "name": "GLSA-201710-31", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-31" + }, + { + "name": "RHSA-2017:3264", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3264" + }, + { + "name": "DSA-4048", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4048" + }, + { + "name": "RHSA-2017:3453", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3453" + }, + { + "name": "RHSA-2017:3392", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3392" + }, + { + "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" + }, + { + "name": "RHSA-2017:2999", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2999" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10484.json b/2017/10xxx/CVE-2017-10484.json index 19d3673c4d9..6331e331b63 100644 --- a/2017/10xxx/CVE-2017-10484.json +++ b/2017/10xxx/CVE-2017-10484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10728.json b/2017/10xxx/CVE-2017-10728.json index 34c4e368629..7f5284d959f 100644 --- a/2017/10xxx/CVE-2017-10728.json +++ b/2017/10xxx/CVE-2017-10728.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to \"Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10728", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to \"Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10728", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10728" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12867.json b/2017/12xxx/CVE-2017-12867.json index 9fc86f49151..b9a227ad182 100644 --- a/2017/12xxx/CVE-2017-12867.json +++ b/2017/12xxx/CVE-2017-12867.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html" - }, - { - "name" : "https://simplesamlphp.org/security/201708-01", - "refsource" : "CONFIRM", - "url" : "https://simplesamlphp.org/security/201708-01" - }, - { - "name" : "DSA-4127", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html" + }, + { + "name": "DSA-4127", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4127" + }, + { + "name": "https://simplesamlphp.org/security/201708-01", + "refsource": "CONFIRM", + "url": "https://simplesamlphp.org/security/201708-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13043.json b/2017/13xxx/CVE-2017-13043.json index 85171c2f11a..eeb156da42c 100644 --- a/2017/13xxx/CVE-2017-13043.json +++ b/2017/13xxx/CVE-2017-13043.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/d515b4b4a300479cdf1a6e0d1bb95bc1f9fee514", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/d515b4b4a300479cdf1a6e0d1bb95bc1f9fee514" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/d515b4b4a300479cdf1a6e0d1bb95bc1f9fee514", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/d515b4b4a300479cdf1a6e0d1bb95bc1f9fee514" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13449.json b/2017/13xxx/CVE-2017-13449.json index f6dd514c895..4f290b67692 100644 --- a/2017/13xxx/CVE-2017-13449.json +++ b/2017/13xxx/CVE-2017-13449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13640.json b/2017/13xxx/CVE-2017-13640.json index 0027a725a53..8d4be278aca 100644 --- a/2017/13xxx/CVE-2017-13640.json +++ b/2017/13xxx/CVE-2017-13640.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13640", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13640", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13958.json b/2017/13xxx/CVE-2017-13958.json index e7c8f65324e..5db30fcf7f8 100644 --- a/2017/13xxx/CVE-2017-13958.json +++ b/2017/13xxx/CVE-2017-13958.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13958", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13958", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17728.json b/2017/17xxx/CVE-2017-17728.json index 3cae0e7eeb7..86ffbb1b01c 100644 --- a/2017/17xxx/CVE-2017-17728.json +++ b/2017/17xxx/CVE-2017-17728.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17728", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17728", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9118.json b/2017/9xxx/CVE-2017-9118.json index fe94a8a9ae8..45a52fa2bc9 100644 --- a/2017/9xxx/CVE-2017-9118.json +++ b/2017/9xxx/CVE-2017-9118.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=74604", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=74604" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181107-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181107-0003/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20181107-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181107-0003/" + }, + { + "name": "https://bugs.php.net/bug.php?id=74604", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=74604" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9235.json b/2017/9xxx/CVE-2017-9235.json index 366454f9c4e..5b074d27406 100644 --- a/2017/9xxx/CVE-2017-9235.json +++ b/2017/9xxx/CVE-2017-9235.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9235", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9235", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9382.json b/2017/9xxx/CVE-2017-9382.json index 79dbf533baf..b1d1302fabe 100644 --- a/2017/9xxx/CVE-2017-9382.json +++ b/2017/9xxx/CVE-2017-9382.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9382", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9382", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0350.json b/2018/0xxx/CVE-2018-0350.json index f9715c49071..f96964201fb 100644 --- a/2018/0xxx/CVE-2018-0350.json +++ b/2018/0xxx/CVE-2018-0350.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco SD-WAN Solution unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco SD-WAN Solution unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco SD-WAN Solution unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj" - }, - { - "name" : "104874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104874" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cmdinj" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0493.json b/2018/0xxx/CVE-2018-0493.json index d628b4f9971..3255fa47703 100644 --- a/2018/0xxx/CVE-2018-0493.json +++ b/2018/0xxx/CVE-2018-0493.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2018-0493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "remctl", - "version" : { - "version_data" : [ - { - "version_value" : "remctl" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free, double free" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2018-0493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "remctl", + "version": { + "version_data": [ + { + "version_value": "remctl" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.eyrie.org/?p=kerberos/remctl.git;a=commit;h=86c7e44090c988112a37589d2c7a94029eb5e641", - "refsource" : "CONFIRM", - "url" : "https://git.eyrie.org/?p=kerberos/remctl.git;a=commit;h=86c7e44090c988112a37589d2c7a94029eb5e641" - }, - { - "name" : "https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html", - "refsource" : "CONFIRM", - "url" : "https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html" - }, - { - "name" : "DSA-4159", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free, double free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.eyrie.org/?p=kerberos/remctl.git;a=commit;h=86c7e44090c988112a37589d2c7a94029eb5e641", + "refsource": "CONFIRM", + "url": "https://git.eyrie.org/?p=kerberos/remctl.git;a=commit;h=86c7e44090c988112a37589d2c7a94029eb5e641" + }, + { + "name": "DSA-4159", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4159" + }, + { + "name": "https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html", + "refsource": "CONFIRM", + "url": "https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0830.json b/2018/0xxx/CVE-2018-0830.json index 20d66bd64f3..ae567076288 100644 --- a/2018/0xxx/CVE-2018-0830.json +++ b/2018/0xxx/CVE-2018-0830.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2018-0830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka \"Windows Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0829 and CVE-2018-0832." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Important" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2018-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0830", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0830" - }, - { - "name" : "102949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102949" - }, - { - "name" : "1040373", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka \"Windows Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0829 and CVE-2018-0832." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Important" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0830", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0830" + }, + { + "name": "102949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102949" + }, + { + "name": "1040373", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040373" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18163.json b/2018/18xxx/CVE-2018-18163.json index cb0f381d6a6..404f44e600b 100644 --- a/2018/18xxx/CVE-2018-18163.json +++ b/2018/18xxx/CVE-2018-18163.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18163", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18163", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18307.json b/2018/18xxx/CVE-2018-18307.json index 82fb679a7f8..cebe1706100 100644 --- a/2018/18xxx/CVE-2018-18307.json +++ b/2018/18xxx/CVE-2018-18307.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18336.json b/2018/18xxx/CVE-2018-18336.json index 3edeff2b854..848bc14ffd6 100644 --- a/2018/18xxx/CVE-2018-18336.json +++ b/2018/18xxx/CVE-2018-18336.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-18336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-18336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/898531", - "refsource" : "MISC", - "url" : "https://crbug.com/898531" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4352" - }, - { - "name" : "RHSA-2018:3803", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3803" - }, - { - "name" : "106084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/898531", + "refsource": "MISC", + "url": "https://crbug.com/898531" + }, + { + "name": "RHSA-2018:3803", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3803" + }, + { + "name": "DSA-4352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4352" + }, + { + "name": "106084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106084" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18974.json b/2018/18xxx/CVE-2018-18974.json index 33705617b7a..2f323380a24 100644 --- a/2018/18xxx/CVE-2018-18974.json +++ b/2018/18xxx/CVE-2018-18974.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18974", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18974", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19130.json b/2018/19xxx/CVE-2018-19130.json index c403e977da4..4f4e1a69795 100644 --- a/2018/19xxx/CVE-2018-19130.json +++ b/2018/19xxx/CVE-2018-19130.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1139", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1139", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1139" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19226.json b/2018/19xxx/CVE-2018-19226.json index 8dd9f7cd914..c56e0c598bf 100644 --- a/2018/19xxx/CVE-2018-19226.json +++ b/2018/19xxx/CVE-2018-19226.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#info_exp", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#info_exp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#info_exp", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#info_exp" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19779.json b/2018/19xxx/CVE-2018-19779.json index 39082d60764..df4802f3cd6 100644 --- a/2018/19xxx/CVE-2018-19779.json +++ b/2018/19xxx/CVE-2018-19779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19779", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19779", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19970.json b/2018/19xxx/CVE-2018-19970.json index 1e9aa0f54ba..dd91f6c4684 100644 --- a/2018/19xxx/CVE-2018-19970.json +++ b/2018/19xxx/CVE-2018-19970.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190201 [SECURITY] [DLA 1658-1] phpmyadmin security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2018-8/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2018-8/" - }, - { - "name" : "106181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpmyadmin.net/security/PMASA-2018-8/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2018-8/" + }, + { + "name": "[debian-lts-announce] 20190201 [SECURITY] [DLA 1658-1] phpmyadmin security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html" + }, + { + "name": "106181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106181" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19982.json b/2018/19xxx/CVE-2018-19982.json index 7e29f9e786c..7f4187b31ef 100644 --- a/2018/19xxx/CVE-2018-19982.json +++ b/2018/19xxx/CVE-2018-19982.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/min1233/CVE/blob/master/1", - "refsource" : "MISC", - "url" : "https://github.com/min1233/CVE/blob/master/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/min1233/CVE/blob/master/1", + "refsource": "MISC", + "url": "https://github.com/min1233/CVE/blob/master/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1429.json b/2018/1xxx/CVE-2018-1429.json index e967bef9cc8..0c0d4600153 100644 --- a/2018/1xxx/CVE-2018-1429.json +++ b/2018/1xxx/CVE-2018-1429.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-03-21T00:00:00", - "ID" : "CVE-2018-1429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MQ Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1" - }, - { - "version_value" : "9.0.2" - }, - { - "version_value" : "9.0.3" - }, - { - "version_value" : "9.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-03-21T00:00:00", + "ID": "CVE-2018-1429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MQ Appliance", + "version": { + "version_data": [ + { + "version_value": "9.0.1" + }, + { + "version_value": "9.0.2" + }, + { + "version_value": "9.0.3" + }, + { + "version_value": "9.0.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014046", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014046" - }, - { - "name" : "103491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103491" - }, - { - "name" : "1040564", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040564", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040564" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22014046", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077" + }, + { + "name": "103491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103491" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1591.json b/2018/1xxx/CVE-2018-1591.json index cdb62efd153..171bd145701 100644 --- a/2018/1xxx/CVE-2018-1591.json +++ b/2018/1xxx/CVE-2018-1591.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1591", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1591", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1679.json b/2018/1xxx/CVE-2018-1679.json index 984a41f8758..7c979f57bb7 100644 --- a/2018/1xxx/CVE-2018-1679.json +++ b/2018/1xxx/CVE-2018-1679.json @@ -1,111 +1,111 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-07-17T00:00:00", - "ID" : "CVE-2018-1679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - }, - { - "version_value" : "5.2.4" - }, - { - "version_value" : "5.2.1" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2.3" - }, - { - "version_value" : "5.2.5" - }, - { - "version_value" : "5.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow an unauthenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 145180." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-07-17T00:00:00", + "ID": "CVE-2018-1679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2" + }, + { + "version_value": "5.2.4" + }, + { + "version_value": "5.2.1" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2.3" + }, + { + "version_value": "5.2.5" + }, + { + "version_value": "5.2.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716747", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716747" - }, - { - "name" : "104927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104927" - }, - { - "name" : "ibm-sterling-cve20181679-info-disc(145180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow an unauthenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 145180." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sterling-cve20181679-info-disc(145180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145180" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716747", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716747" + }, + { + "name": "104927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104927" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1824.json b/2018/1xxx/CVE-2018-1824.json index 50e3efb5bee..cc2406595b0 100644 --- a/2018/1xxx/CVE-2018-1824.json +++ b/2018/1xxx/CVE-2018-1824.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-08T00:00:00", - "ID" : "CVE-2018-1824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-03-08T00:00:00", + "ID": "CVE-2018-1824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318" - }, - { - "name" : "ibm-rqm-cve20181824-xss(150427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318" + }, + { + "name": "ibm-rqm-cve20181824-xss(150427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150427" + } + ] + } +} \ No newline at end of file