diff --git a/2008/0xxx/CVE-2008-0527.json b/2008/0xxx/CVE-2008-0527.json
index 53d0dd8a8a1..9a51a64fcab 100644
--- a/2008/0xxx/CVE-2008-0527.json
+++ b/2008/0xxx/CVE-2008-0527.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-0527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml" - }, - { - "name" : "27774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27774" - }, - { - "name" : "ADV-2008-0543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0543" - }, - { - "name" : "1019408", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019408" - }, - { - "name" : "28935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28935" - }, - { - "name" : "cisco-unifiedipphone-httpserver-dos(40489)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/40489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml" + }, + { + "name": "1019408", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019408" + }, + { + "name": "cisco-unifiedipphone-httpserver-dos(40489)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40489" + }, + { + "name": "27774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27774" + }, + { + "name": "ADV-2008-0543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0543" + }, + { + "name": "28935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28935" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0553.json b/2008/0xxx/CVE-2008-0553.json index 07c62767059..03f68e5a3f5 100644 --- a/2008/0xxx/CVE-2008-0553.json +++ b/2008/0xxx/CVE-2008-0553.json 
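Review bot: The one semantic change in the CVE-2008-0527 hunk, `"ASSIGNER": "psirt@cisco.com"` replacing `cve@mitre.org`, is buried in a whole-file rewrite that also respaces every key, reorders the six `reference_data` entries without changing them, and drops the final newline (`\ No newline at end of file`). Anything that hashes, signs or text-diffs these records will see the whole file as changed, so a provenance edit like this cannot be reviewed by eye; I would verify the commit with a parsed JSON comparison and have the generator emit references in a stable order and end each file with a newline. The hunks for CVE-2008-0553 and CVE-2008-0592 follow the same pattern with `"ASSIGNER": "secalert@redhat.com"`, and their reference lists appear to be reordered as well. `vendor_name` and `product_name` remain `"n/a"` even though the description names the Cisco Unified IP Phone 7935 and 7936, which leaves the record unusable for automated product matching.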
@@ -1,277 +1,277 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 rPSA-2008-0054-1 tk", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488069/100/0/threaded" - }, - { - "name" : "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493080/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=431518", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=431518" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0054", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0054" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2215", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2215" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" - }, - { - "name" : "DSA-1490", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1490" - }, - { - "name" : "DSA-1491", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1491" - }, - { - "name" : "DSA-1598", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1598" - }, - { - "name" : "FEDORA-2008-1122", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html" - }, - { - "name" : "FEDORA-2008-1131", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html" - }, - { - "name" : "FEDORA-2008-1323", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html" - }, - { - "name" : "FEDORA-2008-1384", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html" - }, - { - "name" : "FEDORA-2008-3545", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html" - }, - { - "name" : "MDVSA-2008:041", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:041" - }, - { - "name" : "RHSA-2008:0135", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2008-0135.html" - }, - { - "name" : "RHSA-2008:0134", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0134.html" - }, - { - "name" : "RHSA-2008:0136", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0136.html" - }, - { - "name" : "237465", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1" - }, - { - "name" : "SUSE-SR:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" - }, - { - "name" : "SUSE-SR:2008:013", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2008_13_sr.html" - }, - { - "name" : "USN-664-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-664-1" - }, - { - "name" : "27655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27655" - }, - { - "name" : "oval:org.mitre.oval:def:10098", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098" - }, - { - "name" : "32608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32608" - }, - { - "name" : "ADV-2008-0430", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0430" - }, - { - "name" : "ADV-2008-1456", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1456/references" - }, - { - "name" : "ADV-2008-1744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1744" - }, - { - "name" : "1019309", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019309" - }, - { - "name" : "28784", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28784" - }, - { - "name" : "28807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28807" - }, - { - "name" : "28848", - "refsource" : "SECUNIA", 
- "url" : "http://secunia.com/advisories/28848" - }, - { - "name" : "28857", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28857" - }, - { - "name" : "28867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28867" - }, - { - "name" : "28954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28954" - }, - { - "name" : "29069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29069" - }, - { - "name" : "29070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29070" - }, - { - "name" : "29622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29622" - }, - { - "name" : "30129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30129" - }, - { - "name" : "30535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30535" - }, - { - "name" : "30783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30783" - }, - { - "name" : "30717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30717" - }, - { - "name" : "30188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30129" + }, + { + "name": "28784", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28784" + }, + { + "name": "RHSA-2008:0134", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0134.html" + }, + { + "name": "DSA-1598", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1598" + }, + { + "name": "20080212 rPSA-2008-0054-1 tk", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488069/100/0/threaded" + }, + { + "name": "ADV-2008-1744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1744" + }, + { + "name": "29622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29622" + }, + { + "name": "27655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27655" + }, + { + "name": "SUSE-SR:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" + }, + { + "name": "USN-664-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-664-1" + }, + { + "name": "ADV-2008-1456", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1456/references" + }, + { + "name": "28857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28857" + }, + { + "name": "30783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30783" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2215", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2215" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" + }, 
+ { + "name": "oval:org.mitre.oval:def:10098", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098" + }, + { + "name": "DSA-1490", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1490" + }, + { + "name": "237465", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1" + }, + { + "name": "RHSA-2008:0136", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431518", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431518" + }, + { + "name": "ADV-2008-0430", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0430" + }, + { + "name": "28954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28954" + }, + { + "name": "30535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30535" + }, + { + "name": "30188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30188" + }, + { + "name": "FEDORA-2008-1131", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894" + }, + { + "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded" + }, + { + "name": "FEDORA-2008-1384", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html" + }, + { + "name": 
"FEDORA-2008-1122", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html" + }, + { + "name": "32608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32608" + }, + { + "name": "29070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29070" + }, + { + "name": "FEDORA-2008-3545", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html" + }, + { + "name": "28848", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28848" + }, + { + "name": "RHSA-2008:0135", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0135.html" + }, + { + "name": "29069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29069" + }, + { + "name": "FEDORA-2008-1323", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html" + }, + { + "name": "28867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28867" + }, + { + "name": "1019309", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019309" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0054", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0054" + }, + { + "name": "MDVSA-2008:041", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:041" + }, + { + "name": "DSA-1491", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1491" + }, + { + "name": "28807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28807" + }, + { + "name": "SUSE-SR:2008:013", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html" + }, + { + "name": "30717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30717" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/0xxx/CVE-2008-0592.json b/2008/0xxx/CVE-2008-0592.json
index 8afd4690a98..c264239dcf1 100644
--- a/2008/0xxx/CVE-2008-0592.json
+++ b/2008/0xxx/CVE-2008-0592.json
@@ -1,277 +1,277 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a \"Content-Disposition: attachment\" and an invalid \"Content-Type: plain/text,\" which prevents Firefox from rendering future plain text files within the browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-0592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080209 rPSA-2008-0051-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487826/100/0/threaded" - }, - { - "name" : "20080212 FLEA-2008-0001-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488002/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-09.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=387258", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=387258" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051" - }, - { - "name" : "http://browser.netscape.com/releasenotes/", - "refsource" : "CONFIRM", - "url" : "http://browser.netscape.com/releasenotes/" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html" - }, - { - "name" : "DSA-1484", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1484" - }, - { - "name" : "DSA-1485", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1485" - }, - { - "name" : "DSA-1489", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1489" - }, - { - "name" : "DSA-1506", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1506" - }, - { - "name" : "FEDORA-2008-1435", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html" - }, - { - "name" : "FEDORA-2008-1459", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html" - }, - { - "name" : "FEDORA-2008-1535", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html" - }, - { - "name" : "FEDORA-2008-2060", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html" - }, - { - "name" : "FEDORA-2008-2118", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html" - }, - { - "name" : "GLSA-200805-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" - }, - { - 
"name" : "MDVSA-2008:048", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048" - }, - { - "name" : "RHSA-2008:0103", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0103.html" - }, - { - "name" : "RHSA-2008:0104", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0104.html" - }, - { - "name" : "RHSA-2008:0105", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0105.html" - }, - { - "name" : "238492", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" - }, - { - "name" : "SUSE-SA:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html" - }, - { - "name" : "USN-576-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-576-1" - }, - { - "name" : "27683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27683" - }, - { - "name" : "oval:org.mitre.oval:def:9972", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9972" - }, - { - "name" : "ADV-2008-0453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0453/references" - }, - { - "name" : "ADV-2008-0627", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0627/references" - }, - { - "name" : "ADV-2008-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1793/references" - }, - { - "name" : "1019340", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019340" - }, - { - "name" : "28818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28818" - }, - { - "name" : "28754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28754" - }, - { - "name" : "28864", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/28864" - }, - { - "name" : "28865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28865" - }, - { - "name" : "28877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28877" - }, - { - "name" : "28879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28879" - }, - { - "name" : "28924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28924" - }, - { - "name" : "28939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28939" - }, - { - "name" : "28958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28958" - }, - { - "name" : "29086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29086" - }, - { - "name" : "29167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29167" - }, - { - "name" : "29567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29567" - }, - { - "name" : "30327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30327" - }, - { - "name" : "30620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a \"Content-Disposition: attachment\" and an invalid \"Content-Type: plain/text,\" which prevents Firefox from rendering future plain text files within the browser." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2008:0104", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0104.html" + }, + { + "name": "USN-576-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-576-1" + }, + { + "name": "http://browser.netscape.com/releasenotes/", + "refsource": "CONFIRM", + "url": "http://browser.netscape.com/releasenotes/" + }, + { + "name": "28939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28939" + }, + { + "name": "DSA-1506", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1506" + }, + { + "name": "FEDORA-2008-2118", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html" + }, + { + "name": "FEDORA-2008-2060", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html" + }, + { + "name": "28818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28818" + }, + { + "name": "30620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30620" + }, + { + "name": "28865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28865" + }, + { + "name": "ADV-2008-0453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0453/references" + }, + { + "name": "oval:org.mitre.oval:def:9972", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9972" + }, + { + "name": "RHSA-2008:0103", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0103.html" + }, + { + "name": "28877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28877" + }, + { + "name": "28879", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/28879" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=387258", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=387258" + }, + { + "name": "29167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29167" + }, + { + "name": "29567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29567" + }, + { + "name": "RHSA-2008:0105", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0105.html" + }, + { + "name": "28958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28958" + }, + { + "name": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html" + }, + { + "name": "30327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30327" + }, + { + "name": "238492", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" + }, + { + "name": "1019340", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019340" + }, + { + "name": "DSA-1489", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1489" + }, + { + "name": "20080212 FLEA-2008-0001-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488002/100/0/threaded" + }, + { + "name": "20080209 rPSA-2008-0051-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487826/100/0/threaded" + }, + { + "name": "29086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29086" + }, + { + "name": "28864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28864" + }, + { + "name": "DSA-1485", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1485" + }, + { + "name": "28924", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/28924" + }, + { + "name": "27683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27683" + }, + { + "name": "ADV-2008-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1793/references" + }, + { + "name": "SUSE-SA:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html" + }, + { + "name": "FEDORA-2008-1459", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html" + }, + { + "name": "FEDORA-2008-1535", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0051", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0051" + }, + { + "name": "DSA-1484", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1484" + }, + { + "name": "ADV-2008-0627", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0627/references" + }, + { + "name": "GLSA-200805-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-09.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-09.html" + }, + { + "name": "28754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28754" + }, + { + "name": "FEDORA-2008-1435", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html" + }, + { + "name": "MDVSA-2008:048", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/0xxx/CVE-2008-0780.json b/2008/0xxx/CVE-2008-0780.json
index 7641a5f234f..3746e853e1a 100644
--- a/2008/0xxx/CVE-2008-0780.json
+++ b/2008/0xxx/CVE-2008-0780.json
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7" - }, - { - "name" : "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=432747", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=432747" - }, - { - "name" : "DSA-1514", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1514" - }, - { - "name" : "FEDORA-2008-1880", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html" - }, - { - "name" 
: "FEDORA-2008-1905", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html" - }, - { - "name" : "GLSA-200803-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml" - }, - { - "name" : "USN-716-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/716-1/" - }, - { - "name" : "27904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27904" - }, - { - "name" : "ADV-2008-0569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0569/references" - }, - { - "name" : "29010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29010" - }, - { - "name" : "28987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28987" - }, - { - "name" : "29262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29262" - }, - { - "name" : "29444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29444" - }, - { - "name" : "33755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33755" + }, + { + "name": "GLSA-200803-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml" + }, + { + "name": "29262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29262" + }, + { + "name": "29010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29010" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=432747", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747" + }, + { + "name": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7" + }, + { + "name": "FEDORA-2008-1880", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html" + }, + { + "name": "28987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28987" + }, + { + "name": "ADV-2008-0569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0569/references" + }, + { + "name": "27904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27904" + }, + { + "name": "29444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29444" + }, + { + "name": "FEDORA-2008-1905", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html" + }, + { + "name": "USN-716-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/716-1/" + }, + { + "name": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d" + }, + { + "name": "DSA-1514", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2008/dsa-1514" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0901.json b/2008/0xxx/CVE-2008-0901.json index e10cfed05db..e77cca61f08 100644 --- a/2008/0xxx/CVE-2008-0901.json +++ b/2008/0xxx/CVE-2008-0901.json 
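Review bot: The rewritten file ends without a final newline: the `\ No newline at end of file` marker follows the added closing `}`, while the removed `}` carries no such marker, so the old file did end with one. Ending the new side with `}` followed by a newline keeps line-based tooling and later diffs of these records clean. The same marker closes the CVE-2008-0901, CVE-2008-1132, CVE-2008-1266, CVE-2008-3018, CVE-2008-3020, CVE-2008-3514 and CVE-2008-3728 hunks.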
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488686/100/0/threaded" - }, - { - "name" : "http://www.s21sec.com/avisos/s21sec-040-en.txt", - "refsource" : "MISC", - "url" : "http://www.s21sec.com/avisos/s21sec-040-en.txt" - }, - { - "name" : "BEA08-197.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/271" - }, - { - "name" : "ADV-2008-0612", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0612/references" - }, - { - "name" : "1019449", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1019449" - }, - { - "name" : "29041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA08-197.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/271" + }, + { + "name": "29041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29041" + }, + { + "name": "ADV-2008-0612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0612/references" + }, + { + "name": "http://www.s21sec.com/avisos/s21sec-040-en.txt", + "refsource": "MISC", + "url": "http://www.s21sec.com/avisos/s21sec-040-en.txt" + }, + { + "name": "1019449", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019449" + }, + { + "name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1132.json b/2008/1xxx/CVE-2008-1132.json index 39bb1aea72b..3f257e83804 100644 --- a/2008/1xxx/CVE-2008-1132.json +++ b/2008/1xxx/CVE-2008-1132.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=579181", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=579181" - }, - { - "name" : "29097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As 
Root action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=579181", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=579181" + }, + { + "name": "29097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29097" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1266.json b/2008/1xxx/CVE-2008-1266.json index 3f255b73192..e83de96b8de 100644 --- a/2008/1xxx/CVE-2008-1266.json +++ b/2008/1xxx/CVE-2008-1266.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "28439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28439" - }, - { - "name" : "29366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29366" - }, - { - "name" : "dlink-di524-interface-dos(41125)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "28439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28439" + }, + { + "name": "29366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29366" + }, + { + "name": "dlink-di524-interface-dos(41125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3018.json b/2008/3xxx/CVE-2008-3018.json index 6c29476154d..f214475e004 100644 --- a/2008/3xxx/CVE-2008-3018.json +++ b/2008/3xxx/CVE-2008-3018.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the \"Malformed PICT Filter Vulnerability,\" a different vulnerability than CVE-2008-3021." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-3018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02360", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "SSRT080117", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "MS08-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044" - }, - { - "name" : "TA08-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" - }, - { - "name" : "30597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30597" - }, - { - "name" : 
"oval:org.mitre.oval:def:5879", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5879" - }, - { - "name" : "ADV-2008-2348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2348" - }, - { - "name" : "1020673", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020673" - }, - { - "name" : "31336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the \"Malformed PICT Filter Vulnerability,\" a different vulnerability than CVE-2008-3021." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS08-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044" + }, + { + "name": "TA08-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" + }, + { + "name": "30597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30597" + }, + { + "name": "HPSBST02360", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "1020673", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020673" + }, + { + "name": "SSRT080117", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "ADV-2008-2348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2348" + }, + { + 
"name": "31336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31336" + }, + { + "name": "oval:org.mitre.oval:def:5879", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5879" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3020.json b/2008/3xxx/CVE-2008-3020.json index c9e437b554f..1c21bbe358c 100644 --- a/2008/3xxx/CVE-2008-3020.json +++ b/2008/3xxx/CVE-2008-3020.json 
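Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com` at the top of this hunk, and as far as the hunk shows it is the only value that changes; every other line differs in the spacing around `:` or in the position of entries inside `reference_data`. A whitespace-insensitive view of this diff hides that provenance change among the reordered references, so it is better carried in its own commit or at least named in the commit message, which is not visible here. CVE-2008-3020.json makes the same change, while the other hunks in view keep `cve@mitre.org`.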
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the \"Malformed BMP Filter Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-3020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02360", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "SSRT080117", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "MS08-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044" - }, - { - "name" : "TA08-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" - }, - { - "name" : "30599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30599" - }, - { - "name" : "oval:org.mitre.oval:def:5868", - "refsource" : "OVAL", - 
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5868" - }, - { - "name" : "ADV-2008-2348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2348" - }, - { - "name" : "1020673", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020673" - }, - { - "name" : "31336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the \"Malformed BMP Filter Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS08-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044" + }, + { + "name": "TA08-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" + }, + { + "name": "HPSBST02360", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "1020673", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020673" + }, + { + "name": "SSRT080117", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "ADV-2008-2348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2348" + }, + { + "name": "31336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31336" + }, + { + "name": "30599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30599" + }, + { + "name": 
"oval:org.mitre.oval:def:5868", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5868" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3514.json b/2008/3xxx/CVE-2008-3514.json index 067e874c788..f13d4774ca8 100644 --- a/2008/3xxx/CVE-2008-3514.json +++ b/2008/3xxx/CVE-2008-3514.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side \"enabled/disabled functionality\" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an \"attempt to assign permissions to other system users.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080812 VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495386/100/0/threaded" - }, - { - "name" : "http://www.insomniasec.com/advisories/ISVA-080812.1.htm", - "refsource" : "MISC", - "url" : "http://www.insomniasec.com/advisories/ISVA-080812.1.htm" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html" - }, - { - "name" : 
"http://www.vmware.com/security/advisories/VMSA-2008-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0012.html" - }, - { - "name" : "30664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30664" - }, - { - "name" : "ADV-2008-2363", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2363" - }, - { - "name" : "1020693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020693" - }, - { - "name" : "31468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31468" - }, - { - "name" : "4150", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4150" - }, - { - "name" : "virtualcenter-backend-info-disclosure(44425)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side \"enabled/disabled functionality\" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an \"attempt to assign permissions to other system users.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html" + }, + { + "name": "31468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31468" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0012.html", + "refsource": "CONFIRM", + "url": 
"http://www.vmware.com/security/advisories/VMSA-2008-0012.html" + }, + { + "name": "ADV-2008-2363", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2363" + }, + { + "name": "virtualcenter-backend-info-disclosure(44425)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44425" + }, + { + "name": "4150", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4150" + }, + { + "name": "1020693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020693" + }, + { + "name": "30664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30664" + }, + { + "name": "20080812 VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495386/100/0/threaded" + }, + { + "name": "http://www.insomniasec.com/advisories/ISVA-080812.1.htm", + "refsource": "MISC", + "url": "http://www.insomniasec.com/advisories/ISVA-080812.1.htm" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3728.json b/2008/3xxx/CVE-2008-3728.json index 0d20bced687..73fad456ae6 100644 --- a/2008/3xxx/CVE-2008-3728.json +++ b/2008/3xxx/CVE-2008-3728.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080815 Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121881329424635&w=2" - }, - { - "name" : "http://www.oliverkarow.de/research/mailscan.txt", - "refsource" : "MISC", - "url" : "http://www.oliverkarow.de/research/mailscan.txt" - }, - { - "name" : "30700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30700" - }, - { - "name" : "31534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31534" - }, - { - "name" : "4172", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/4172" - }, - { - "name" : "mailscan-admininterface-security-bypass(44518)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4172", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4172" + }, + { + "name": "30700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30700" + }, + { + "name": "31534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31534" + }, + { + "name": "20080815 Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121881329424635&w=2" + }, + { + "name": "mailscan-admininterface-security-bypass(44518)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44518" + }, + { + "name": "http://www.oliverkarow.de/research/mailscan.txt", + "refsource": "MISC", + "url": "http://www.oliverkarow.de/research/mailscan.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4083.json b/2008/4xxx/CVE-2008-4083.json index 30535fdd1bd..92390253fd8 100644 --- a/2008/4xxx/CVE-2008-4083.json +++ b/2008/4xxx/CVE-2008-4083.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6332", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6332" - }, - { - "name" : "30944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30944" - }, - { - "name" : "31661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31661" - }, - { - "name" : "4251", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4251" - }, - { - "name" : "brim-index-xss(44790)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30944" + }, + { + "name": "6332", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6332" + }, + { + "name": "4251", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4251" + }, + { + "name": "brim-index-xss(44790)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44790" + }, + { + "name": "31661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31661" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4123.json b/2008/4xxx/CVE-2008-4123.json index 8c37efc0aaa..bf9390cdeef 100644 --- a/2008/4xxx/CVE-2008-4123.json +++ b/2008/4xxx/CVE-2008-4123.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4331.json b/2008/4xxx/CVE-2008-4331.json index 2f87b89fb7e..f525f7cd99f 100644 --- a/2008/4xxx/CVE-2008-4331.json +++ b/2008/4xxx/CVE-2008-4331.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6563", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6563" - }, - { - "name" : "31392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31392" - }, - { - "name" : "phpocs-index-file-include(45424)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. 
(dot dot) in the act parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31392" + }, + { + "name": "phpocs-index-file-include(45424)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45424" + }, + { + "name": "6563", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6563" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4578.json b/2008/4xxx/CVE-2008-4578.json index 493e05185bd..4472a4fbd16 100644 --- a/2008/4xxx/CVE-2008-4578.json +++ b/2008/4xxx/CVE-2008-4578.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the \"k\" right to create unauthorized \"parent/child/child\" mailboxes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081119 Re: [ MDVSA-2008:232 ] dovecot", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498498/100/0/threaded" - }, - { - "name" : "[Dovecot-news] 20081005 v1.1.4 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot-news/2008-October/000085.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=240409", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=240409" - }, - { - "name" : "GLSA-200812-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-16.xml" - }, - { - "name" : "MDVSA-2008:232", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:232" - }, - { - 
"name" : "31587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31587" - }, - { - "name" : "ADV-2008-2745", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2745" - }, - { - "name" : "32164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32164" - }, - { - "name" : "33149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33149" - }, - { - "name" : "dovecot-acl-mailbox-security-bypass(45669)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the \"k\" right to create unauthorized \"parent/child/child\" mailboxes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32164" + }, + { + "name": "dovecot-acl-mailbox-security-bypass(45669)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45669" + }, + { + "name": "33149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33149" + }, + { + "name": "ADV-2008-2745", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2745" + }, + { + "name": "31587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31587" + }, + { + "name": "MDVSA-2008:232", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:232" + }, + { + "name": "GLSA-200812-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-16.xml" + }, + { + "name": 
"http://bugs.gentoo.org/show_bug.cgi?id=240409", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=240409" + }, + { + "name": "[Dovecot-news] 20081005 v1.1.4 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot-news/2008-October/000085.html" + }, + { + "name": "20081119 Re: [ MDVSA-2008:232 ] dovecot", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498498/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2022.json b/2013/2xxx/CVE-2013-2022.json index 494b58e4f64..10b123f40f9 100644 --- a/2013/2xxx/CVE-2013-2022.json +++ b/2013/2xxx/CVE-2013-2022.json 
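Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, a provenance change that is easy to miss because every other line of the record is re-indented at the same time. Consumers that attribute or filter records by assigning CNA will see different results after this commit, so the reassignment deserves its own commit or at least a line in the commit message (not visible in this chunk). The CVE-2013-2022 hunk (also `secalert@redhat.com`) and the CVE-2013-2923 hunk (`security@google.com`) carry the same kind of change.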
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert function in the jQuery parameter. NOTE: these are the same parameters as CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the jQuery parameter." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130421 Vulnerabilities in jPlayer", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Apr/192" - }, - { - "name" : "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=136570964825921&w=2" - }, - { - "name" : "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=136726705917858&w=2" - }, - { - "name" : "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=136773622321563&w=2" - }, - { - "name" : "[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/27/7" - }, - { - "name" : "[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/04/5" - }, - { - "name" : "http://www.jplayer.org/2.3.0/release-notes/", - "refsource" : "CONFIRM", - "url" : "http://www.jplayer.org/2.3.0/release-notes/" - }, - { - "name" : "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373", - "refsource" : "CONFIRM", - "url" : "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert function in the jQuery parameter. NOTE: these are the same parameters as CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the jQuery parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373", + "refsource": "CONFIRM", + "url": "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373" + }, + { + "name": "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136773622321563&w=2" + }, + { + "name": "[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/27/7" + }, + { + "name": "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136570964825921&w=2" + }, + { + "name": "http://www.jplayer.org/2.3.0/release-notes/", + "refsource": "CONFIRM", + "url": "http://www.jplayer.org/2.3.0/release-notes/" + }, + { + "name": "[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/04/5" + }, + { + "name": "20130421 Vulnerabilities in jPlayer", + "refsource": "FULLDISC", + "url": 
"http://seclists.org/fulldisclosure/2013/Apr/192" + }, + { + "name": "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136726705917858&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2280.json b/2013/2xxx/CVE-2013-2280.json index ccff3c31470..f26a0a997ff 100644 --- a/2013/2xxx/CVE-2013-2280.json +++ b/2013/2xxx/CVE-2013-2280.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2280", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2280", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2555.json b/2013/2xxx/CVE-2013-2555.json index 10211fa8160..768189e323f 100644 --- a/2013/2xxx/CVE-2013-2555.json +++ b/2013/2xxx/CVE-2013-2555.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130418 VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html" - }, - { - "name" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", - "refsource" : "MISC", - "url" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" - }, - { - "name" : "http://twitter.com/VUPEN/statuses/309713355466227713", - "refsource" : "MISC", - "url" : "http://twitter.com/VUPEN/statuses/309713355466227713" - }, - { - "name" : "http://twitter.com/thezdi/statuses/309756927301283840", - "refsource" : "MISC", - "url" : "http://twitter.com/thezdi/statuses/309756927301283840" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-11.html" - }, - { - "name" : "HPSBMU02948", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139455789818399&w=2" - }, - { - "name" : "RHSA-2013:0730", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0730.html" - }, - { - "name" : "SUSE-SU-2013:0670", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html" - }, - { - "name" : "openSUSE-SU-2013:0672", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html" - }, - { - "name" : "openSUSE-SU-2013:0675", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130418 VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html" + }, + { + "name": "http://twitter.com/VUPEN/statuses/309713355466227713", + "refsource": "MISC", + "url": "http://twitter.com/VUPEN/statuses/309713355466227713" + }, + { + "name": "SUSE-SU-2013:0670", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-11.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-11.html" + }, + { + "name": "http://twitter.com/thezdi/statuses/309756927301283840", + "refsource": "MISC", + "url": "http://twitter.com/thezdi/statuses/309756927301283840" + }, + { + "name": "HPSBMU02948", + "refsource": "HP", + 
"url": "http://marc.info/?l=bugtraq&m=139455789818399&w=2" + }, + { + "name": "RHSA-2013:0730", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0730.html" + }, + { + "name": "openSUSE-SU-2013:0672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html" + }, + { + "name": "openSUSE-SU-2013:0675", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html" + }, + { + "name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", + "refsource": "MISC", + "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2923.json b/2013/2xxx/CVE-2013-2923.json index 9a6042161cf..47d335950a8 100644 --- a/2013/2xxx/CVE-2013-2923.json +++ b/2013/2xxx/CVE-2013-2923.json 
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=237800", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=237800" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=246724", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=246724" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=254728", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=254728" - }, - { - "name" 
: "https://code.google.com/p/chromium/issues/detail?id=257852", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=257852" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=260138", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=260138" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=264211", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=264211" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=265493", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=265493" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=265731", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=265731" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=266593", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=266593" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=267068", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=267068" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=269835", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=269835" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=274020", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=274020" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=276111", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=276111" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=277656", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=277656" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=278366", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=278366" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=279286", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=279286" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=284792", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=284792" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=285380", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=285380" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=288761", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=288761" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=288771", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=288771" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=289648", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=289648" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=293521", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=293521" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=294023", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=294023" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=294202", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=294202" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=294206", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=294206" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=299016",
- "refsource" : "CONFIRM",
- "url" : "https://code.google.com/p/chromium/issues/detail?id=299016"
- },
- {
- "name" : "DSA-2785",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2013/dsa-2785"
- },
- {
- "name" : "openSUSE-SU-2013:1556",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
- },
- {
- "name" : "openSUSE-SU-2013:1861",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
- },
- {
- "name" : "openSUSE-SU-2014:0065",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:18103",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18103"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=237800",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=237800"
+ },
+ {
+ "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
+ "refsource": "CONFIRM",
+ "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:18103",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18103"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=294206",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=294206"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=284792",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=284792"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=274020",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=274020"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=264211",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=264211"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=276111",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=276111"
+ },
+ {
+ "name": "openSUSE-SU-2014:0065",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
+ },
+ {
+ "name": "DSA-2785",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2013/dsa-2785"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=265731",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=265731"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=288771",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=288771"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=254728",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=254728"
+ },
+ {
+ "name": "openSUSE-SU-2013:1556",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=294202",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=294202"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=288761",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=288761"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=246724",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=246724"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=266593",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=266593"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=299016",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=299016"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=260138",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=260138"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=279286",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=279286"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=277656",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=277656"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=294023",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=294023"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=257852",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=257852"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=269835",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=269835"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=267068",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=267068"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=293521",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=293521"
+ },
+ {
+ "name": "openSUSE-SU-2013:1861",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=285380",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=285380"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=278366",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=278366"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=289648",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=289648"
+ },
+ {
+ "name": "https://code.google.com/p/chromium/issues/detail?id=265493",
+ "refsource": "CONFIRM",
+ "url": "https://code.google.com/p/chromium/issues/detail?id=265493"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3130.json b/2013/3xxx/CVE-2013-3130.json
index 90ae7159272..a0735c72bc0 100644
--- a/2013/3xxx/CVE-2013-3130.json
+++ b/2013/3xxx/CVE-2013-3130.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3130",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3660, CVE-2013-3661. Reason: This candidate is a reservation duplicate of CVE-2013-3660 and CVE-2013-3661. Notes: All CVE users should reference CVE-2013-3660 and/or CVE-2013-3661 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-3130",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3660, CVE-2013-3661. Reason: This candidate is a reservation duplicate of CVE-2013-3660 and CVE-2013-3661. Notes: All CVE users should reference CVE-2013-3660 and/or CVE-2013-3661 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3419.json b/2013/3xxx/CVE-2013-3419.json
index 8cb8b34f3c0..d447f74c146 100644
--- a/2013/3xxx/CVE-2013-3419.json
+++ b/2013/3xxx/CVE-2013-3419.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3419",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2013-3419",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20130711 Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability",
- "refsource" : "CISCO",
- "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20130711 Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability",
+ "refsource": "CISCO",
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3445.json b/2013/3xxx/CVE-2013-3445.json
index c9c1c39136b..86c7dc30492 100644
--- a/2013/3xxx/CVE-2013-3445.json
+++ b/2013/3xxx/CVE-2013-3445.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3445",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2013-3445",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30217",
- "refsource" : "CONFIRM",
- "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30217"
- },
- {
- "name" : "20130725 Cisco Identity Services Engine High CPU Utilization Vulnerability",
- "refsource" : "CISCO",
- "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3445"
- },
- {
- "name" : "61452",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/61452"
- },
- {
- "name" : "95659",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/95659"
- },
- {
- "name" : "1028837",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1028837"
- },
- {
- "name" : "cisco-ise-cve20133445-dos(85982)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85982"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "95659",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/95659"
+ },
+ {
+ "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30217",
+ "refsource": "CONFIRM",
+ "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30217"
+ },
+ {
+ "name": "61452",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/61452"
+ },
+ {
+ "name": "cisco-ise-cve20133445-dos(85982)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85982"
+ },
+ {
+ "name": "1028837",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1028837"
+ },
+ {
+ "name": "20130725 Cisco Identity Services Engine High CPU Utilization Vulnerability",
+ "refsource": "CISCO",
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3445"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/3xxx/CVE-2013-3681.json b/2013/3xxx/CVE-2013-3681.json
index 4c4501ada42..9d5cd8bd2ac 100644
--- a/2013/3xxx/CVE-2013-3681.json
+++ b/2013/3xxx/CVE-2013-3681.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-3681",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-3681",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6199.json b/2013/6xxx/CVE-2013-6199.json
index 89d91e93af6..7d8feb0c1a6 100644
--- a/2013/6xxx/CVE-2013-6199.json
+++ b/2013/6xxx/CVE-2013-6199.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6199",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-6199",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6326.json b/2013/6xxx/CVE-2013-6326.json
index 29866e0c9b0..4b450359b89 100644
--- a/2013/6xxx/CVE-2013-6326.json
+++ b/2013/6xxx/CVE-2013-6326.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6326",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-6326",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6482.json b/2013/6xxx/CVE-2013-6482.json
index 69e5e58047b..a54c879eda4 100644
--- a/2013/6xxx/CVE-2013-6482.json
+++ b/2013/6xxx/CVE-2013-6482.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6482",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2013-6482",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.pidgin.im/news/security/?id=75",
- "refsource" : "CONFIRM",
- "url" : "http://www.pidgin.im/news/security/?id=75"
- },
- {
- "name" : "http://www.pidgin.im/news/security/?id=76",
- "refsource" : "CONFIRM",
- "url" : "http://www.pidgin.im/news/security/?id=76"
- },
- {
- "name" : "http://www.pidgin.im/news/security/?id=77",
- "refsource" : "CONFIRM",
- "url" : "http://www.pidgin.im/news/security/?id=77"
- },
- {
- "name" : "DSA-2859",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2014/dsa-2859"
- },
- {
- "name" : "RHSA-2014:0139",
- "refsource" : "REDHAT",
- "url" : "https://rhn.redhat.com/errata/RHSA-2014-0139.html"
- },
- {
- "name" : "openSUSE-SU-2014:0239",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html"
- },
- {
- "name" : "openSUSE-SU-2014:0326",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html"
- },
- {
- "name" : "USN-2100-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2100-1"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "openSUSE-SU-2014:0326",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html"
+ },
+ {
+ "name": "RHSA-2014:0139",
+ "refsource": "REDHAT",
+ "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html"
+ },
+ {
+ "name": "http://www.pidgin.im/news/security/?id=75",
+ "refsource": "CONFIRM",
+ "url": "http://www.pidgin.im/news/security/?id=75"
+ },
+ {
+ "name": "DSA-2859",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2014/dsa-2859"
+ },
+ {
+ "name": "openSUSE-SU-2014:0239",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html"
+ },
+ {
+ "name": "http://www.pidgin.im/news/security/?id=76",
+ "refsource": "CONFIRM",
+ "url": "http://www.pidgin.im/news/security/?id=76"
+ },
+ {
+ "name": "USN-2100-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2100-1"
+ },
+ {
+ "name": "http://www.pidgin.im/news/security/?id=77",
+ "refsource": "CONFIRM",
+ "url": "http://www.pidgin.im/news/security/?id=77"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/6xxx/CVE-2013-6955.json b/2013/6xxx/CVE-2013-6955.json
index eb9533a44d2..5f5d5c7f61c 100644
--- a/2013/6xxx/CVE-2013-6955.json
+++ b/2013/6xxx/CVE-2013-6955.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-6955",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2013-6955",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "VU#615910",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/615910"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#615910",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/615910"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/7xxx/CVE-2013-7046.json b/2013/7xxx/CVE-2013-7046.json
index 74c7f0565fe..ce885a63a5c 100644
--- a/2013/7xxx/CVE-2013-7046.json
+++ b/2013/7xxx/CVE-2013-7046.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-7046",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-7046",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/7xxx/CVE-2013-7389.json b/2013/7xxx/CVE-2013-7389.json
index 66528bbc341..2d91255c93b 100644
--- a/2013/7xxx/CVE-2013-7389.json
+++ b/2013/7xxx/CVE-2013-7389.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-7389",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-7389",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
- "refsource" : "MISC",
- "url" : "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt"
- },
- {
- "name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
- "refsource" : "CONFIRM",
- "url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008"
- },
- {
- "name" : "61579",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/61579"
- },
- {
- "name" : "95910",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/show/osvdb/95910"
- },
- {
- "name" : "95952",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/show/osvdb/95952"
- },
- {
- "name" : "95953",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/show/osvdb/95953"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
+ "refsource": "MISC",
+ "url": "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt"
+ },
+ {
+ "name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
+ "refsource": "CONFIRM",
+ "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008"
+ },
+ {
+ "name": "95953",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/show/osvdb/95953"
+ },
+ {
+ "name": "95952",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/show/osvdb/95952"
+ },
+ {
+ "name": "95910",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/show/osvdb/95910"
+ },
+ {
+ "name": "61579",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/61579"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10071.json b/2017/10xxx/CVE-2017-10071.json
index d70148cf0d0..a91a0b0230b 100644
--- a/2017/10xxx/CVE-2017-10071.json
+++ b/2017/10xxx/CVE-2017-10071.json
@@ -1,101 +1,101 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-10071",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "FLEXCUBE Universal Banking",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "11.3.0"
- },
- {
- "version_affected" : "=",
- "version_value" : "11.4.0"
- },
- {
- "version_affected" : "=",
- "version_value" : "12.0.1"
- },
- {
- "version_affected" : "=",
- "version_value" : "12.0.2"
- },
- {
- "version_affected" : "=",
- "version_value" : "12.0.3"
- },
- {
- "version_affected" : "=",
- "version_value" : "12.1.0"
- },
- {
- "version_affected" : "=",
- "version_value" : "12.2.0"
- },
- {
- "version_affected" : "=",
- "version_value" : "12.3.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-10071",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FLEXCUBE Universal Banking",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.3.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "11.4.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "12.0.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "12.0.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "12.0.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "12.1.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "12.2.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "12.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
- },
- {
- "name" : "99866",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99866"
- },
- {
- "name" : "1038934",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038934"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1038934",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038934"
+ },
+ {
+ "name": "99866",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99866"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/10xxx/CVE-2017-10906.json b/2017/10xxx/CVE-2017-10906.json
index 47c501baea9..42caeb877ae 100644
--- a/2017/10xxx/CVE-2017-10906.json
+++ b/2017/10xxx/CVE-2017-10906.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fluentd", - "version" : { - "version_data" : [ - { - "version_value" : "0.12.29 through 0.12.40" - } - ] - } - } - ] - }, - "vendor_name" : "Cloud Native Computing Foundation (CNCF)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escape Sequence Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fluentd", + "version": { + "version_data": [ + { + "version_value": "0.12.29 through 0.12.40" + } + ] + } + } + ] + }, + "vendor_name": "Cloud Native Computing Foundation (CNCF)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jvn.jp/en/vu/JVNVU95124098/index.html", - "refsource" : "MISC", - "url" : "https://jvn.jp/en/vu/JVNVU95124098/index.html" - }, - { - "name" : "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes", - "refsource" : "CONFIRM", - "url" : "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes" - }, - { - "name" : "https://github.com/fluent/fluentd/pull/1733", - "refsource" : "CONFIRM", - "url" : "https://github.com/fluent/fluentd/pull/1733" - }, - { - "name" : "RHSA-2018:2225", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:2225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escape Sequence Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2225", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2225" + }, + { + "name": "https://jvn.jp/en/vu/JVNVU95124098/index.html", + "refsource": "MISC", + "url": "https://jvn.jp/en/vu/JVNVU95124098/index.html" + }, + { + "name": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes", + "refsource": "CONFIRM", + "url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes" + }, + { + "name": "https://github.com/fluent/fluentd/pull/1733", + "refsource": "CONFIRM", + "url": "https://github.com/fluent/fluentd/pull/1733" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14128.json b/2017/14xxx/CVE-2017-14128.json index 5b3b63eea82..3b63b085668 100644 --- a/2017/14xxx/CVE-2017-14128.json +++ b/2017/14xxx/CVE-2017-14128.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22059" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" - }, - { - "name" : "GLSA-201801-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-01" - }, - { - "name" : "100623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100623" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100623" + }, + { + "name": "GLSA-201801-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-01" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22059" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14815.json b/2017/14xxx/CVE-2017-14815.json index 908d65f217f..37125c09428 100644 --- a/2017/14xxx/CVE-2017-14815.json +++ b/2017/14xxx/CVE-2017-14815.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14815", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14815", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14837.json b/2017/14xxx/CVE-2017-14837.json index 6914329bbc4..4190fe9e077 100644 --- a/2017/14xxx/CVE-2017-14837.json +++ b/2017/14xxx/CVE-2017-14837.json 
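Review bot: The new side of CVE-2017-14815.json orders its top-level keys `data_type`, `data_format`, `data_version`, `CVE_data_meta`, `description`, while the other records rewritten in this diff keep `CVE_data_meta` first, followed by `data_format`, `data_type`, `data_version`; like them, it now ends without a trailing newline. Key order carries no meaning in JSON, but two layouts in one commit suggest two serializers, so the next bulk regeneration is likely to rewrite every line again. A substantive edit such as a changed `STATE` or `ASSIGNER` is easy to miss inside hunks that otherwise differ only in whitespace. I would emit this record through the same serializer as the others, with a fixed key order and a final newline, so the diff shows only content changes.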
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-881", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-881" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-881", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-881" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14937.json b/2017/14xxx/CVE-2017-14937.json index 8e2e67bcfa4..609f2eab603 100644 --- a/2017/14xxx/CVE-2017-14937.json +++ b/2017/14xxx/CVE-2017-14937.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF", - "refsource" : "MISC", - "url" : "http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF" - }, - { - "name" : "https://www.rapid7.com/db/modules/post/hardware/automotive/pdt", - "refsource" : "MISC", - "url" : "https://www.rapid7.com/db/modules/post/hardware/automotive/pdt" - }, - { - "name" : "https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts", - "refsource" : "MISC", - "url" : "https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. 
In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.rapid7.com/db/modules/post/hardware/automotive/pdt", + "refsource": "MISC", + "url": "https://www.rapid7.com/db/modules/post/hardware/automotive/pdt" + }, + { + "name": "http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF", + "refsource": "MISC", + "url": "http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF" + }, + { + "name": "https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts", + "refsource": "MISC", + "url": "https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17010.json b/2017/17xxx/CVE-2017-17010.json index eb30b951191..8e6a4cdfbe7 100644 --- a/2017/17xxx/CVE-2017-17010.json +++ b/2017/17xxx/CVE-2017-17010.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-17010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Content Manager Assistant for PlayStation", - "version" : { - "version_data" : [ - { - "version_value" : "version 3.55.7671.0901 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Sony Interactive Entertainment Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-17010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Content Manager Assistant for PlayStation", + "version": { + "version_data": [ + { + "version_value": "version 3.55.7671.0901 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Sony Interactive Entertainment Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#95423049", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN95423049/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#95423049", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN95423049/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17054.json b/2017/17xxx/CVE-2017-17054.json index 234baf03d67..d0a53e7f812 100644 --- a/2017/17xxx/CVE-2017-17054.json +++ b/2017/17xxx/CVE-2017-17054.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/aubio/aubio/issues/148", - "refsource" : "MISC", - "url" : "https://github.com/aubio/aubio/issues/148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/aubio/aubio/issues/148", + "refsource": "MISC", + "url": "https://github.com/aubio/aubio/issues/148" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17444.json b/2017/17xxx/CVE-2017-17444.json index 548207201bb..f219d5f6ab0 100644 --- a/2017/17xxx/CVE-2017-17444.json +++ b/2017/17xxx/CVE-2017-17444.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17444", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17444", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17699.json b/2017/17xxx/CVE-2017-17699.json index eeb122bc260..166f68e22bd 100644 --- a/2017/17xxx/CVE-2017-17699.json +++ b/2017/17xxx/CVE-2017-17699.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mmmxny/K7-Antivirus/tree/master/cve3", - "refsource" : "MISC", - "url" : "https://github.com/mmmxny/K7-Antivirus/tree/master/cve3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mmmxny/K7-Antivirus/tree/master/cve3", + "refsource": "MISC", + "url": "https://github.com/mmmxny/K7-Antivirus/tree/master/cve3" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9142.json b/2017/9xxx/CVE-2017-9142.json index 91d208d01e2..6a34979c141 100644 --- a/2017/9xxx/CVE-2017-9142.json +++ b/2017/9xxx/CVE-2017-9142.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/490", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/490" - }, - { - "name" : "DSA-3863", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3863" - }, - { - "name" : "98683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a" + }, + { + "name": "98683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98683" + }, + { + "name": "DSA-3863", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3863" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/490", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/490" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9286.json b/2017/9xxx/CVE-2017-9286.json index f1332ef069b..2f1c4c46f3e 100644 --- a/2017/9xxx/CVE-2017-9286.json +++ b/2017/9xxx/CVE-2017-9286.json 
@@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.com", - "DATE_PUBLIC" : "2017-10-04T00:00:00.000Z", - "ID" : "CVE-2017-9286", - "STATE" : "PUBLIC", - "TITLE" : "nextcloud package security issues with /srv/www/htdocs" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nextcloud", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "11.0.3-3.1" - } - ] - } - } - ] - }, - "vendor_name" : "SUSE" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Ludwig Nussel of SUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 7.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Using the untrusted hierarchy under /srv/wwwroot/htdocs during update as root user could be used to overwrite root files." 
- } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-10-04T00:00:00.000Z", + "ID": "CVE-2017-9286", + "STATE": "PUBLIC", + "TITLE": "nextcloud package security issues with /srv/www/htdocs" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nextcloud", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "11.0.3-3.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1036756", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1036756" - }, - { - "name" : "https://www.suse.com/de-de/security/cve/CVE-2017-9286/", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/de-de/security/cve/CVE-2017-9286/" - }, - { - "name" : "openSUSE-SU-2017:2641", - "refsource" : "SUSE", - "url" : "https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html" - } - ] - }, - "source" : { - "advisory" : "https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html", - "defect" : [ - "https://bugzilla.suse.com/show_bug.cgi?id=1036756" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Ludwig Nussel of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Using the untrusted hierarchy under /srv/wwwroot/htdocs during update as root user could be used to overwrite root files." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2017:2641", + "refsource": "SUSE", + "url": "https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html" + }, + { + "name": "https://www.suse.com/de-de/security/cve/CVE-2017-9286/", + "refsource": "CONFIRM", + "url": "https://www.suse.com/de-de/security/cve/CVE-2017-9286/" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1036756", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1036756" + } + ] + }, + "source": { + "advisory": "https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html", + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1036756" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9304.json b/2017/9xxx/CVE-2017-9304.json index 7b6dd9c0e39..a38742e39b8 100644 --- a/2017/9xxx/CVE-2017-9304.json +++ b/2017/9xxx/CVE-2017-9304.json 
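Review bot: The nextcloud version entry keeps the key `affected` (`"affected": "<"`), whereas the Oracle FLEXCUBE record earlier in this diff expresses the comparison as `version_affected`. A consumer that reads only `version_affected` would see the bare value `11.0.3-3.1` and lose the less-than bound, presumably treating only that exact build as affected. If the schema in use expects `version_affected`, the line should read `"version_affected": "<"`. In the same record the `problemtype` text names `/srv/wwwroot/htdocs` while `TITLE` and the description say `/srv/www/htdocs`, which looks like a typo for `/srv/www/htdocs`. Both issues are present on the old side too and are carried over unchanged by this reformat.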
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699", - "refsource" : "CONFIRM", - "url" : "https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699" - }, - { - "name" : "https://github.com/VirusTotal/yara/issues/674", - "refsource" : "CONFIRM", - "url" : "https://github.com/VirusTotal/yara/issues/674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699", + "refsource": "CONFIRM", + "url": "https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699" + }, + { + "name": "https://github.com/VirusTotal/yara/issues/674", + "refsource": "CONFIRM", + "url": "https://github.com/VirusTotal/yara/issues/674" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0050.json b/2018/0xxx/CVE-2018-0050.json index 67a0d7ef4f7..19d3f2539c1 100644 --- a/2018/0xxx/CVE-2018-0050.json +++ b/2018/0xxx/CVE-2018-0050.json 
@@ -1,148 +1,148 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-10-10T16:00:00.000Z", - "ID" : "CVE-2018-0050", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: Receipt of a malformed MPLS RSVP packet leads to a Routing Protocols Daemon (RPD) crash." - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-10-10T16:00:00.000Z", + "ID": "CVE-2018-0050", + "STATE": "PUBLIC", + "TITLE": "Junos OS: Receipt of a malformed MPLS RSVP packet leads to a Routing Protocols Daemon (RPD) crash." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "14.1", + "version_value": "14.1R8-S5, 14.1R9" + }, + { + "affected": "<", + "platform": "QFX Switching", + "version_name": "14.1X53", + "version_value": "14.1X53-D48" + }, + { + "affected": "<", + "platform": "QFabric System", + "version_name": "14.2", + "version_value": "14.1X53-D130" + }, + { + "affected": "<", + "version_name": "14.2", + "version_value": "14.2R4" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal protocols configurations are required:\n\n [protocols rsvp]\n [protocols mpls interface]\n" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "14.1", - "version_value" : "14.1R8-S5, 14.1R9" - }, - { - "affected" : "<", - "platform" : "QFX Switching", - "version_name" : "14.1X53", - "version_value" : "14.1X53-D48" - }, - { - "affected" : "<", - "platform" : "QFabric System", - "version_name" : "14.2", - "version_value" : "14.1X53-D130" - }, 
- { - "affected" : "<", - "version_name" : "14.2", - "version_value" : "14.2R4" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" + "lang": "eng", + "value": "An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic." } - ] - } - }, - "configuration" : [ - { - "lang" : "eng", - "value" : "The following minimal protocols configurations are required:\n\n [protocols rsvp]\n [protocols mpls interface]\n" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic." 
- } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Error Handling\n" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10884", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10884" - }, - { - "name" : "106206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106206" - }, - { - "name" : "1041851", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041851" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software releases have been updated to resolve this specific issue: 14.1R8-S5, 14.1R9, 14.1X53-D130, 14.1X53-D48, 14.2R4, 15.1R1, and all subsequent releases.\n" - } - ], - "source" : { - "advisory" : "JSA10884", - "defect" : [ - "1087100" - ], - "discovery" : "INTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "Remove MPLS configuration stanzas from interface configurations that are at risk.\nNo other workarounds exist for this issue. " - } - ] -} + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Error Handling\n" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041851", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041851" + }, + { + "name": "https://kb.juniper.net/JSA10884", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10884" + }, + { + "name": "106206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106206" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 14.1R8-S5, 14.1R9, 14.1X53-D130, 14.1X53-D48, 14.2R4, 15.1R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10884", + "defect": [ + "1087100" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Remove MPLS configuration stanzas from interface configurations that are at risk.\nNo other workarounds exist for this issue. " + } + ] +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0571.json b/2018/0xxx/CVE-2018-0571.json index 9bd0fc24642..35ec0fca961 100644 --- a/2018/0xxx/CVE-2018-0571.json +++ b/2018/0xxx/CVE-2018-0571.json 
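Review bot: The QFabric System entry in `version_data` pairs `"version_name": "14.2"` with `"version_value": "14.1X53-D130"`, so a consumer doing range matching on `affects` would read a 14.1X53 build as the upper bound of the 14.2 train; the reformat carries this over unchanged from the old side. The `solution` text lists 14.1X53-D130 alongside 14.1X53-D48, which suggests the intended entry is `"version_name": "14.1X53"`, though that should be confirmed against JSA10884 before changing it. The `description` string repeats the same "14.2 versions prior to 14.1X53-D130" wording and would need the matching correction.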
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "baserCMS", - "version" : { - "version_data" : [ - { - "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" - } - ] - } - } - ] - }, - "vendor_name" : "baserCMS Users Community" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unrestricted Upload of File with Dangerous Type" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "baserCMS", + "version": { + "version_data": [ + { + "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" + } + ] + } + } + ] + }, + "vendor_name": "baserCMS Users Community" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://basercms.net/security/JVN67881316", - "refsource" : "MISC", - "url" : "https://basercms.net/security/JVN67881316" - }, - { - "name" : "JVN#67881316", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN67881316/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) 
allows remote attackers with a site operator privilege to upload arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://basercms.net/security/JVN67881316", + "refsource": "MISC", + "url": "https://basercms.net/security/JVN67881316" + }, + { + "name": "JVN#67881316", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN67881316/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0594.json b/2018/0xxx/CVE-2018-0594.json index 50ead8caa85..fe91fa96302 100644 --- a/2018/0xxx/CVE-2018-0594.json +++ b/2018/0xxx/CVE-2018-0594.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Skype for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Skype for Windows", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", - "refsource" : "MISC", - "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "name" : "JVN#91151862", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN91151862/index.html" - }, - { - "name" : "104563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain 
privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource": "MISC", + "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name": "JVN#91151862", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN91151862/index.html" + }, + { + "name": "104563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104563" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0702.json b/2018/0xxx/CVE-2018-0702.json index a5e78f00430..143c8909793 100644 --- a/2018/0xxx/CVE-2018-0702.json +++ b/2018/0xxx/CVE-2018-0702.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Mailwise", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0 to 5.4.5" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Mailwise", + "version": { + "version_data": [ + { + "version_value": "5.0.0 to 5.4.5" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.cybozu.support/article/34135/", - "refsource" : "MISC", - "url" : "https://kb.cybozu.support/article/34135/" - }, - { - "name" : "JVN#83739174", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN83739174/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.cybozu.support/article/34135/", + "refsource": "MISC", + "url": "https://kb.cybozu.support/article/34135/" + }, + { + "name": "JVN#83739174", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN83739174/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000005.json b/2018/1000xxx/CVE-2018-1000005.json index f7f88327c06..3d0173aa53a 100644 --- a/2018/1000xxx/CVE-2018-1000005.json +++ b/2018/1000xxx/CVE-2018-1000005.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-01-17", - "ID" : "CVE-2018-1000005", - "REQUESTER" : "daniel@haxx.se", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libcurl", - "version" : { - "version_data" : [ - { - "version_value" : "libcurl 7.49.0 to and including 7.57.0" - } - ] - } - } - ] - }, - "vendor_name" : "libcurl" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-01-17", + "ID": "CVE-2018-1000005", + "REQUESTER": "daniel@haxx.se", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://curl.haxx.se/docs/adv_2018-824a.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_2018-824a.html" - }, - { - "name" : "https://github.com/curl/curl/pull/2231", - "refsource" : "CONFIRM", - "url" : "https://github.com/curl/curl/pull/2231" - }, - { - "name" : "DSA-4098", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4098" - }, - { - "name" : "USN-3554-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3554-1/" - }, - { - "name" : "1040273", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. 
When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040273", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040273" + }, + { + "name": "USN-3554-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3554-1/" + }, + { + "name": "DSA-4098", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4098" + }, + { + "name": "https://curl.haxx.se/docs/adv_2018-824a.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_2018-824a.html" + }, + { + "name": "https://github.com/curl/curl/pull/2231", + "refsource": "CONFIRM", + "url": "https://github.com/curl/curl/pull/2231" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000601.json b/2018/1000xxx/CVE-2018-1000601.json index f7801795fd3..4dd0ffb0373 100644 --- a/2018/1000xxx/CVE-2018-1000601.json +++ b/2018/1000xxx/CVE-2018-1000601.json 
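Review bot: The new side of CVE-2018-1000005 loses its machine-readable affected-product data: `"product_name": "libcurl"`, `"version_value": "libcurl 7.49.0 to and including 7.57.0"`, `"vendor_name": "libcurl"` and the `"out bounds read"` problem type all become `"n/a"`, and `ASSIGNER` is rewritten from the DWF address to `cve@mitre.org`. Tooling that matches on `affects` or `problemtype` rather than on the free-text description would no longer tie this record to libcurl. The same replacement appears in the hunks for CVE-2018-1000601 (Jenkins SSH Credentials Plugin, `CWE-284`), CVE-2018-1000646 (LH-EHR) and CVE-2018-1000849 (Alpine Linux). If the blanking is intentional it would be easier to review split from the whitespace-only reformat; otherwise keep the original values, e.g. `"product_name": "libcurl"`.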
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-25T11:12:00.700012", - "DATE_REQUESTED" : "2018-06-25T00:00:00", - "ID" : "CVE-2018-1000601", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins SSH Credentials Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.13 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-25T11:12:00.700012", + "DATE_REQUESTED": "2018-06-25T00:00:00", + "ID": "CVE-2018-1000601", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000646.json b/2018/1000xxx/CVE-2018-1000646.json index b65f2f65c6f..ad42f8afef1 100644 --- a/2018/1000xxx/CVE-2018-1000646.json +++ b/2018/1000xxx/CVE-2018-1000646.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-19T17:09:33.122288", - "DATE_REQUESTED" : "2018-08-08T13:38:36", - "ID" : "CVE-2018-1000646", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LH-EHR", - "version" : { - "version_data" : [ - { - "version_value" : "REL-2.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "LibreHealthIO" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authenticated Unrestricted File Write" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-19T17:09:33.122288", + "DATE_REQUESTED": "2018-08-08T13:38:36", + "ID": "CVE-2018-1000646", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/" - }, - { - "name" : "https://github.com/LibreHealthIO/lh-ehr/issues/1211", - "refsource" : "MISC", - "url" : "https://github.com/LibreHealthIO/lh-ehr/issues/1211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/" + }, + { + "name": "https://github.com/LibreHealthIO/lh-ehr/issues/1211", + "refsource": "MISC", + "url": "https://github.com/LibreHealthIO/lh-ehr/issues/1211" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000849.json b/2018/1000xxx/CVE-2018-1000849.json index 82743174f2c..ff48976f73b 100644 --- a/2018/1000xxx/CVE-2018-1000849.json +++ b/2018/1000xxx/CVE-2018-1000849.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.487947", - "DATE_REQUESTED" : "2018-11-21T15:16:04", - "ID" : "CVE-2018-1000849", - "REQUESTER" : "d@duniel.no", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Alpine Linux", - "version" : { - "version_data" : [ - { - "version_value" : "Versions prior to 2.6.10, 2.7.6, and 2.10.1" - } - ] - } - } - ] - }, - "vendor_name" : "Alpine Linux" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other/Unknown" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.487947", + "DATE_REQUESTED": "2018-11-21T15:16:04", + "ID": "CVE-2018-1000849", + "REQUESTER": "d@duniel.no", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://alpinelinux.org/posts/Alpine-3.8.1-released.html", - "refsource" : "MISC", - "url" : "https://alpinelinux.org/posts/Alpine-3.8.1-released.html" - }, - { - "name" : "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1", - "refsource" : "MISC", - "url" : "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1" - }, - { - "name" : "https://justi.cz/security/2018/09/13/alpine-apk-rce.html", - "refsource" : "MISC", - "url" : "https://justi.cz/security/2018/09/13/alpine-apk-rce.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html", + "refsource": "MISC", + "url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html" + }, + { + "name": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html", + "refsource": "MISC", + "url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html" + }, + { + "name": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1", + "refsource": "MISC", + "url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19143.json b/2018/19xxx/CVE-2018-19143.json index fd75449849d..c00508b8d34 100644 --- a/2018/19xxx/CVE-2018-19143.json +++ b/2018/19xxx/CVE-2018-19143.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html" - }, - { - "name" : "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/", - "refsource" : "MISC", - "url" : "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an 
authenticated user to delete files via a modified submission form because upload caching is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/", + "refsource": "MISC", + "url": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/" + }, + { + "name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19376.json b/2018/19xxx/CVE-2018-19376.json index e6385fb146f..f6cd3f57569 100644 --- a/2018/19xxx/CVE-2018-19376.json +++ b/2018/19xxx/CVE-2018-19376.json 
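Review bot: The new side of CVE-2018-19143.json ends at `}` with a `\ No newline at end of file` marker, while the old side ended with a newline, so the rewrite drops the trailing newline. The other files rewritten in this diff (CVE-2018-19376, CVE-2018-19601, CVE-2018-19610, CVE-2018-19720 and the ones after them) carry the same marker. The remaining changes in this hunk are key spacing, indentation and the order of the `reference_data` entries, so the serializer that produced it should also write a final `\n`. Without it, the next edit to any of these records shows a last-line change unrelated to the record's content, which makes real field changes harder to pick out in review.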
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/GreenCMS/GreenCMS/issues/114", - "refsource" : "MISC", - "url" : "https://github.com/GreenCMS/GreenCMS/issues/114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/GreenCMS/GreenCMS/issues/114", + "refsource": "MISC", + "url": "https://github.com/GreenCMS/GreenCMS/issues/114" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19601.json b/2018/19xxx/CVE-2018-19601.json index f3d77290869..fd0e4f71eb0 100644 --- a/2018/19xxx/CVE-2018-19601.json +++ b/2018/19xxx/CVE-2018-19601.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-19601/blob/master/SSRF.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-19601/blob/master/SSRF.pdf" - }, - { - "name" : "https://github.com/rhymix/rhymix/issues/1089", - "refsource" : "CONFIRM", - "url" : "https://github.com/rhymix/rhymix/issues/1089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/security-breachlock/CVE-2018-19601/blob/master/SSRF.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-19601/blob/master/SSRF.pdf" + }, + { + "name": "https://github.com/rhymix/rhymix/issues/1089", + "refsource": "CONFIRM", + "url": "https://github.com/rhymix/rhymix/issues/1089" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19610.json b/2018/19xxx/CVE-2018-19610.json index 7e12e4d4561..1c17af765dc 100644 --- a/2018/19xxx/CVE-2018-19610.json +++ b/2018/19xxx/CVE-2018-19610.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19610", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19610", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19720.json b/2018/19xxx/CVE-2018-19720.json index 980ab950c8b..1ecc76bd6ed 100644 --- a/2018/19xxx/CVE-2018-19720.json 
+++ b/2018/19xxx/CVE-2018-19720.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-19720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-19720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 
and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106161" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1311.json b/2018/1xxx/CVE-2018-1311.json index fa12fca296c..45e0cc5b308 100644 --- a/2018/1xxx/CVE-2018-1311.json +++ b/2018/1xxx/CVE-2018-1311.json 
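Review bot: The `description` value lists `2019.008.20081 and earlier` twice, on both sides of the hunk, so one of the two entries is presumably a mistyped build number. It should be checked against the APSB18-41 advisory listed in `reference_data` and corrected. The `affects` block is also left at `n/a` for vendor, product and version, although the description names Adobe Acrobat and Reader. Tooling that matches on the structured fields rather than the free text will therefore not associate this record with those products.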
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1311", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1311", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1581.json b/2018/1xxx/CVE-2018-1581.json index 74446c76374..16c9d40ef55 100644 --- a/2018/1xxx/CVE-2018-1581.json +++ b/2018/1xxx/CVE-2018-1581.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1581", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1581", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4235.json b/2018/4xxx/CVE-2018-4235.json index 5e0d73cf17d..3d9a86eff44 100644 --- a/2018/4xxx/CVE-2018-4235.json +++ b/2018/4xxx/CVE-2018-4235.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"Messages\" component. It allows local users to perform impersonation attacks via an unspecified injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208848", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208848" - }, - { - "name" : "https://support.apple.com/HT208849", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208849" - }, - { - "name" : "https://support.apple.com/HT208850", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208850" - }, - { - "name" : "https://support.apple.com/HT208851", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208851" - }, - { - "name" : "1041027", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1041027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"Messages\" component. It allows local users to perform impersonation attacks via an unspecified injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208850", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208850" + }, + { + "name": "https://support.apple.com/HT208851", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208851" + }, + { + "name": "1041027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041027" + }, + { + "name": "https://support.apple.com/HT208848", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208848" + }, + { + "name": "https://support.apple.com/HT208849", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208849" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4390.json b/2018/4xxx/CVE-2018-4390.json index bafd35b9059..4b12a1c460c 100644 --- a/2018/4xxx/CVE-2018-4390.json +++ b/2018/4xxx/CVE-2018-4390.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4978.json b/2018/4xxx/CVE-2018-4978.json index 31604201067..62f4f16af70 100644 --- a/2018/4xxx/CVE-2018-4978.json +++ b/2018/4xxx/CVE-2018-4978.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104172" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104172" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4992.json b/2018/4xxx/CVE-2018-4992.json index 65e76272afa..ed167066f57 100644 --- a/2018/4xxx/CVE-2018-4992.json +++ b/2018/4xxx/CVE-2018-4992.json 
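Review bot: `vendor_name` stays `n/a`, and `product_name` and `version_value` both hold the same free-text sentence, so the structured `affects` data cannot be matched by vendor, product or version. Inventory and scanner tooling that keys on these fields would miss the record, even though the description and the `psirt@adobe.com` assigner identify the vendor. I would set `"vendor_name": "Adobe"` and `"product_name": "Acrobat and Reader"`, and give each release train its own `version_data` entry, for example `"version_value": "2018.011.20038 and earlier"`. CVE-2018-4992.json in the next hunk has the same shape for Creative Cloud Desktop Application.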
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Creative Cloud Desktop Application 4.4.1.298 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Creative Cloud Desktop Application 4.4.1.298 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper input validation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Creative Cloud Desktop Application 4.4.1.298 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Creative Cloud Desktop Application 4.4.1.298 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/creative-cloud/apsb18-12.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/creative-cloud/apsb18-12.html" - }, - { - "name" : "104103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104103" - }, - { - "name" : "1040860", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040860" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104103" + }, + { + "name": "1040860", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040860" + }, + { + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb18-12.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb18-12.html" + } + ] + } +} \ No newline at end of file