diff --git a/2004/1xxx/CVE-2004-1199.json b/2004/1xxx/CVE-2004-1199.json index ab24fe9da8a..b387821aaa1 100644 --- a/2004/1xxx/CVE-2004-1199.json +++ b/2004/1xxx/CVE-2004-1199.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041125 More Browser flaws on MACOSX: nested array sort() loop Stack overflow exception", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029458.html" - }, - { - "name" : "11759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11759" - }, - { - "name" : "web-browser-array-dos(18282)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "web-browser-array-dos(18282)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" + }, + { + "name": "20041125 More Browser flaws on MACOSX: nested array sort() loop Stack overflow exception", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029458.html" + }, + { + "name": "11759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11759" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0033.json b/2008/0xxx/CVE-2008-0033.json index 4db5c817a52..54d70c29701 100644 --- a/2008/0xxx/CVE-2008-0033.json +++ b/2008/0xxx/CVE-2008-0033.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486413/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01" - }, - { - "name" : "APPLE-SA-2008-01-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307301", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307301" - }, - { - "name" : "TA08-016A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-016A.html" - }, - { - "name" : "27299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27299" - }, - { - "name" : "ADV-2008-0148", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0148" - }, - { - "name" : "1019221", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019221" - }, - { - "name" : "28502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28502" - }, - { - "name" : "quicktime-idsc-code-execution(39697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded" + }, + { + "name": "28502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28502" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307301", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307301" + }, + { + "name": "TA08-016A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html" + }, + { + "name": "APPLE-SA-2008-01-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html" + }, + { + "name": "ADV-2008-0148", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0148" + }, + { + "name": "27299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27299" + }, + { + "name": "1019221", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019221" + }, + { + "name": "quicktime-idsc-code-execution(39697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1559.json b/2008/1xxx/CVE-2008-1559.json index abf5fe49cab..40b738ea22b 100644 --- a/2008/1xxx/CVE-2008-1559.json +++ b/2008/1xxx/CVE-2008-1559.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5310", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5310" - }, - { - "name" : "28443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28443" - }, - { - "name" : "alphacontent-index-sql-injection(41428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "alphacontent-index-sql-injection(41428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41428" + }, + { + "name": "5310", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5310" + }, + { + "name": "28443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28443" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3622.json b/2008/3xxx/CVE-2008-3622.json index 1f4d9a5a290..4b586700e67 100644 --- a/2008/3xxx/CVE-2008-3622.json +++ b/2008/3xxx/CVE-2008-3622.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka \"persistent JavaScript injection.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "31189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31189" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "1020886", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020886" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, - { - "name" : "macos-wikiserver-xss(45178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka \"persistent JavaScript injection.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31189" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "1020886", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020886" + }, + { + "name": "macos-wikiserver-xss(45178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45178" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3922.json b/2008/3xxx/CVE-2008-3922.json index 9744b69054b..241ed4ef943 100644 --- a/2008/3xxx/CVE-2008-3922.json +++ b/2008/3xxx/CVE-2008-3922.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080826 Multiple Vulnerabilities in AWStats Totals", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495770/100/0/threaded" - }, - { - "name" : "17324", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17324" - }, - { - "name" : "6368", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6368" - }, - { - "name" : "http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt", - "refsource" : "MISC", - "url" : "http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt" - }, - { - "name" : "http://www.telartis.nl/xcms/awstats/", - "refsource" : "CONFIRM", - "url" : "http://www.telartis.nl/xcms/awstats/" - }, - { - "name" : "30856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30856" - }, - { - "name" : "8259", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8259" - }, - { - "name" : "ADV-2008-2442", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2442" - }, - { - "name" : "31630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31630" - }, - { - "name" : "4218", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4218" - }, - { - "name" : "awstatstotals-multisort-command-execution(44712)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6368", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6368" + }, + { + "name": "17324", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17324" + }, + { + "name": "http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt", + "refsource": "MISC", + "url": "http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt" + }, + { + "name": "http://www.telartis.nl/xcms/awstats/", + "refsource": "CONFIRM", + "url": "http://www.telartis.nl/xcms/awstats/" + }, + { + "name": "awstatstotals-multisort-command-execution(44712)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44712" + }, + { + "name": "4218", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4218" + }, + { + "name": "ADV-2008-2442", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2442" + }, + { + "name": "31630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31630" + }, + { + "name": "8259", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8259" + }, + { + "name": "30856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30856" + }, + { + "name": "20080826 Multiple Vulnerabilities in AWStats Totals", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495770/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4444.json b/2008/4xxx/CVE-2008-4444.json index 59d15721eb7..01645da4a01 100644 --- a/2008/4xxx/CVE-2008-4444.json +++ b/2008/4xxx/CVE-2008-4444.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090114 Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500059/100/0/threaded" - }, - { - "name" : "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html" - }, - { - "name" : "33264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33264" - }, - { - "name" : "4917", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4917" - }, - { - "name" : "cisco-unifiedipphone-rtp-dos(47948)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-unifiedipphone-rtp-dos(47948)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47948" + }, + { + "name": "4917", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4917" + }, + { + "name": "33264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33264" + }, + { + "name": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html" + }, + { + "name": "20090114 Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500059/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4554.json b/2008/4xxx/CVE-2008-4554.json index abd0699b508..34d84a73440 100644 --- a/2008/4xxx/CVE-2008-4554.json +++ b/2008/4xxx/CVE-2008-4554.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081013 CVE request: kernel: don't allow splice() to files opened with O_APPEND", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/13/1" - }, - { - "name" : "[oss-security] 20081014 Re: CVE request: kernel: don't allow splice() to files opened with O_APPEND", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/14/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=466707", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=466707" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=efc968d450e013049a662d22727cf132618dcb2f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=efc968d450e013049a662d22727cf132618dcb2f" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27" - }, - { - "name" : "DSA-1687", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1687" - }, - { - "name" : "DSA-1681", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1681" - }, - { - "name" : "FEDORA-2008-8929", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html" - }, - { - "name" : "FEDORA-2008-8980", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html" - }, - { - "name" : "MDVSA-2008:224", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224" - }, - { - "name" : "RHSA-2008:1017", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1017.html" - }, - { - "name" : "RHSA-2009:0009", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0009.html" - }, - { - "name" : "SUSE-SA:2009:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" - }, - { - "name" : "USN-679-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-679-1" - }, - { - "name" : "31903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31903" - }, - { - "name" : "oval:org.mitre.oval:def:11142", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11142" - }, - { - "name" : "32386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32386" - }, - { - "name" : "32918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32918" - }, - { - "name" : "33182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33182" - }, - { - "name" : "33180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33180" - }, - { - "name" : "32998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32998" - }, - { - "name" : "33586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33586" - }, - { - "name" : "35390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35390" - }, - { - "name" : "linux-kernel-dosplicefrom-security-bypass(45954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35390" + }, + { + "name": "32998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32998" + }, + { + "name": "[oss-security] 20081013 CVE request: kernel: don't allow splice() to files opened with O_APPEND", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/13/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=466707", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=466707" + }, + { + "name": "MDVSA-2008:224", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224" + }, + { + "name": "oval:org.mitre.oval:def:11142", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11142" + }, + { + "name": "linux-kernel-dosplicefrom-security-bypass(45954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45954" + }, + { + "name": "31903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31903" + }, + { + "name": "RHSA-2009:0009", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html" + }, + { + "name": "SUSE-SA:2009:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" + }, + { + "name": "FEDORA-2008-8929", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html" + }, + { + "name": "[oss-security] 20081014 Re: CVE request: kernel: don't allow splice() to files opened with O_APPEND", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/14/5" + }, + { + "name": "33586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33586" + }, + { + "name": "DSA-1687", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1687" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=efc968d450e013049a662d22727cf132618dcb2f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=efc968d450e013049a662d22727cf132618dcb2f" + }, + { + "name": "32918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32918" + }, + { + "name": "USN-679-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-679-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27" + }, + { + "name": "33180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33180" + }, + { + "name": "RHSA-2008:1017", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1017.html" + }, + { + "name": "32386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32386" + }, + { + "name": "FEDORA-2008-8980", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html" + }, + { + "name": "DSA-1681", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1681" + }, + { + "name": "33182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33182" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7199.json b/2008/7xxx/CVE-2008-7199.json index f26e6e1941c..a4137a441a1 100644 --- a/2008/7xxx/CVE-2008-7199.json +++ b/2008/7xxx/CVE-2008-7199.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port 502." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080115 Re: scada/plc gear", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0268.html" - }, - { - "name" : "51002", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port 502." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080115 Re: scada/plc gear", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0268.html" + }, + { + "name": "51002", + "refsource": "OSVDB", + "url": "http://osvdb.org/51002" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2114.json b/2013/2xxx/CVE-2013-2114.json index 0d04708c4f2..86781cef630 100644 --- a/2013/2xxx/CVE-2013-2114.json +++ b/2013/2xxx/CVE-2013-2114.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20130521 MediaWiki Security Release: 1.20.6 and 1.19.7", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html" - }, - { - "name" : "[oss-security] 20130524 Re: CVE request: MediaWiki chunked uploads vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/24/3" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306" - }, - { - "name" : "GLSA-201310-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201310-21.xml" - }, - { - "name" : "55433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55433" + }, + { + "name": "[oss-security] 20130524 Re: CVE request: MediaWiki chunked uploads vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/24/3" + }, + { + "name": "GLSA-201310-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306" + }, + { + "name": "[MediaWiki-announce] 20130521 MediaWiki Security Release: 1.20.6 and 1.19.7", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2286.json b/2013/2xxx/CVE-2013-2286.json index a613d50d41d..c26b3527d7b 100644 --- a/2013/2xxx/CVE-2013-2286.json +++ b/2013/2xxx/CVE-2013-2286.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2286", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2286", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2598.json b/2013/2xxx/CVE-2013-2598.json index 456c2b8a163..71d9367a26e 100644 --- a/2013/2xxx/CVE-2013-2598.json +++ b/2013/2xxx/CVE-2013-2598.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/projects/security-advisories/loading-image-data-memory-locations-based-untrusted-header-data-lk-bootloader-cve-2013-2598", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/projects/security-advisories/loading-image-data-memory-locations-based-untrusted-header-data-lk-bootloader-cve-2013-2598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/projects/security-advisories/loading-image-data-memory-locations-based-untrusted-header-data-lk-bootloader-cve-2013-2598", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/projects/security-advisories/loading-image-data-memory-locations-based-untrusted-header-data-lk-bootloader-cve-2013-2598" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2650.json b/2013/2xxx/CVE-2013-2650.json index eca7a4de358..6b123c95fa7 100644 --- a/2013/2xxx/CVE-2013-2650.json +++ b/2013/2xxx/CVE-2013-2650.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2650", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2650", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2854.json b/2013/2xxx/CVE-2013-2854.json index e32513d6740..92c657f3aaa 100644 --- a/2013/2xxx/CVE-2013-2854.json +++ b/2013/2xxx/CVE-2013-2854.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=243339", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=243339" - }, - { - "name" : "oval:org.mitre.oval:def:16796", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=243339", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=243339" + }, + { + "name": "oval:org.mitre.oval:def:16796", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16796" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3612.json b/2013/3xxx/CVE-2013-3612.json index 4baf60b7c94..ca7c0e54692 100644 --- a/2013/3xxx/CVE-2013-3612.json +++ b/2013/3xxx/CVE-2013-3612.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified \"backdoor\" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#800094", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/800094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified \"backdoor\" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#800094", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/800094" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6169.json b/2013/6xxx/CVE-2013-6169.json index ef4f52feca0..081bf4737db 100644 --- a/2013/6xxx/CVE-2013-6169.json +++ b/2013/6xxx/CVE-2013-6169.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12/", - "refsource" : "CONFIRM", - "url" : "https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12/" - }, - { - "name" : "DSA-2775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12/", + "refsource": "CONFIRM", + "url": "https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12/" + }, + { + "name": "DSA-2775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2775" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6430.json b/2013/6xxx/CVE-2013-6430.json index 0451641c3e5..4b4ec58f0a2 100644 --- a/2013/6xxx/CVE-2013-6430.json +++ b/2013/6xxx/CVE-2013-6430.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6430", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6430", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6736.json b/2013/6xxx/CVE-2013-6736.json index e02f863a934..78fdeded14b 100644 --- a/2013/6xxx/CVE-2013-6736.json +++ b/2013/6xxx/CVE-2013-6736.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6736", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6736", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6858.json b/2013/6xxx/CVE-2013-6858.json index 1aa434e3c5e..5ada0b8e0bc 100644 --- a/2013/6xxx/CVE-2013-6858.json +++ b/2013/6xxx/CVE-2013-6858.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) \"Volumes\" or (2) \"Network Topology\" page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/horizon/+bug/1247675", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/horizon/+bug/1247675" - }, - { - "name" : "openSUSE-SU-2015:0078", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" - }, - { - "name" : "USN-2062-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2062-1" - }, - { - "name" : "63787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63787" - }, - { - "name" : "55770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55770" - }, - { - "name" : "56117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) \"Volumes\" or (2) \"Network Topology\" page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63787" + }, + { + "name": "USN-2062-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2062-1" + }, + { + "name": "https://bugs.launchpad.net/horizon/+bug/1247675", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/horizon/+bug/1247675" + }, + { + "name": "55770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55770" + }, + { + "name": "openSUSE-SU-2015:0078", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" + }, + { + "name": "56117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56117" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7049.json b/2013/7xxx/CVE-2013-7049.json index ec8d9894f22..498fc1242a3 100644 --- a/2013/7xxx/CVE-2013-7049.json +++ b/2013/7xxx/CVE-2013-7049.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long string in a DH1080_INIT message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131211 CVE Request: ZNC IRC Bouncer DoS in FiSH Plugin", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/482" - }, - { - "name" : "[oss-security] 20131212 Re: CVE Request: ZNC IRC Bouncer DoS in FiSH Plugin", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/489" - }, - { - "name" : "https://code.google.com/p/znc-msvc/", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/znc-msvc/" - }, - { - "name" : "64254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64254" - }, - { - "name" : "100859", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100859" - }, - { - "name" : "fish-cve20137049-dos(89671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long string in a DH1080_INIT message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/znc-msvc/", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/znc-msvc/" + }, + { + "name": "[oss-security] 20131211 CVE Request: ZNC IRC Bouncer DoS in FiSH Plugin", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/482" + }, + { + "name": "fish-cve20137049-dos(89671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89671" + }, + { + "name": "64254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64254" + }, + { + "name": "100859", + "refsource": "OSVDB", + "url": "http://osvdb.org/100859" + }, + { + "name": "[oss-security] 20131212 Re: CVE Request: ZNC IRC Bouncer DoS in FiSH Plugin", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/489" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7155.json b/2013/7xxx/CVE-2013-7155.json index 8a10fdf5677..e3f299c1bd3 100644 --- a/2013/7xxx/CVE-2013-7155.json +++ b/2013/7xxx/CVE-2013-7155.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7155", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7155", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10232.json b/2017/10xxx/CVE-2017-10232.json index 9ad523cdfea..0845b75a136 100644 --- a/2017/10xxx/CVE-2017-10232.json +++ b/2017/10xxx/CVE-2017-10232.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality WebSuite8 Cloud Service", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.9.6" - }, - { - "version_affected" : "=", - "version_value" : "8.10.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hospitality WebSuite8 Cloud Service. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hospitality WebSuite8 Cloud Service." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality WebSuite8 Cloud Service", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.9.6" + }, + { + "version_affected": "=", + "version_value": "8.10.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hospitality WebSuite8 Cloud Service. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hospitality WebSuite8 Cloud Service." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10278.json b/2017/10xxx/CVE-2017-10278.json index b72952c3dea..888851298ab 100644 --- a/2017/10xxx/CVE-2017-10278.json +++ b/2017/10xxx/CVE-2017-10278.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tuxedo", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tuxedo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html" - }, - { - "name" : "101870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101870" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10529.json b/2017/10xxx/CVE-2017-10529.json index 0192d6fcffa..44d8369d4bd 100644 --- a/2017/10xxx/CVE-2017-10529.json +++ b/2017/10xxx/CVE-2017-10529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10811.json b/2017/10xxx/CVE-2017-10811.json index de8e58222c5..a4485db8ad5 100644 --- a/2017/10xxx/CVE-2017-10811.json +++ b/2017/10xxx/CVE-2017-10811.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WCR-1166DS", - "version" : { - "version_data" : [ - { - "version_value" : "firmware 1.30 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "BUFFALO INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WCR-1166DS", + "version": { + "version_data": [ + { + "version_value": "firmware 1.30 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "BUFFALO INC." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://buffalo.jp/support_s/s20170804_1.html", - "refsource" : "CONFIRM", - "url" : "http://buffalo.jp/support_s/s20170804_1.html" - }, - { - "name" : "JVN#05340005", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN05340005/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://buffalo.jp/support_s/s20170804_1.html", + "refsource": "CONFIRM", + "url": "http://buffalo.jp/support_s/s20170804_1.html" + }, + { + "name": "JVN#05340005", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN05340005/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10873.json b/2017/10xxx/CVE-2017-10873.json index e6b2cca1836..4169d4f41ad 100644 --- a/2017/10xxx/CVE-2017-10873.json +++ b/2017/10xxx/CVE-2017-10873.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-10873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenAM", - "version" : { - "version_data" : [ - { - "version_value" : "Open Source Edition" - } - ] - } - } - ] - }, - "vendor_name" : "Open Source Solution Technology Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-10873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenAM", + "version": { + "version_data": [ + { + "version_value": "Open Source Edition" + } + ] + } + } + ] + }, + "vendor_name": "Open Source Solution Technology Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cs.themistruct.com/", - "refsource" : "MISC", - "url" : "https://www.cs.themistruct.com/" - }, - { - "name" : "https://www.osstech.co.jp/support/am2017-2-1-en", - "refsource" : "MISC", - "url" : "https://www.osstech.co.jp/support/am2017-2-1-en" - }, - { - "name" : "JVN#97243511", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN79546124/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cs.themistruct.com/", + "refsource": "MISC", + "url": "https://www.cs.themistruct.com/" + }, + { + "name": "JVN#97243511", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN79546124/" + }, + { + "name": "https://www.osstech.co.jp/support/am2017-2-1-en", + "refsource": "MISC", + "url": "https://www.osstech.co.jp/support/am2017-2-1-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14577.json b/2017/14xxx/CVE-2017-14577.json index b9a6e0ba999..9fe5244a79f 100644 --- a/2017/14xxx/CVE-2017-14577.json +++ b/2017/14xxx/CVE-2017-14577.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14577", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14577", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14577" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14807.json b/2017/14xxx/CVE-2017-14807.json index af530df9d11..bfcdb7cc006 100644 --- a/2017/14xxx/CVE-2017-14807.json +++ b/2017/14xxx/CVE-2017-14807.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14807", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14807", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17897.json b/2017/17xxx/CVE-2017-17897.json index d97882ecf19..4ab45f60803 100644 --- a/2017/17xxx/CVE-2017-17897.json +++ b/2017/17xxx/CVE-2017-17897.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9016.json b/2017/9xxx/CVE-2017-9016.json index 16f4918ea50..6a8e1de05a9 100644 --- a/2017/9xxx/CVE-2017-9016.json +++ b/2017/9xxx/CVE-2017-9016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9308.json b/2017/9xxx/CVE-2017-9308.json index 01b7e1bd038..e466221f1aa 100644 --- a/2017/9xxx/CVE-2017-9308.json +++ b/2017/9xxx/CVE-2017-9308.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9308", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9308", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9546.json b/2017/9xxx/CVE-2017-9546.json index ec292b3b1b7..82ca689a1ce 100644 --- a/2017/9xxx/CVE-2017-9546.json +++ b/2017/9xxx/CVE-2017-9546.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/298", - "refsource" : "CONFIRM", - "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/298", + "refsource": "CONFIRM", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/298" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9834.json b/2017/9xxx/CVE-2017-9834.json index fb1c804e4c4..0348bc41035 100644 --- a/2017/9xxx/CVE-2017-9834.json +++ b/2017/9xxx/CVE-2017-9834.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42291", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42291/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8897", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8897", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8897" + }, + { + "name": "42291", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42291/" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0083.json b/2018/0xxx/CVE-2018-0083.json index 2177b1b290f..957a4ce45a2 100644 --- a/2018/0xxx/CVE-2018-0083.json +++ b/2018/0xxx/CVE-2018-0083.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0083", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0083", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0233.json b/2018/0xxx/CVE-2018-0233.json index 4cd8be7a2a1..35db24b9d8c 100644 --- a/2018/0xxx/CVE-2018-0233.json +++ b/2018/0xxx/CVE-2018-0233.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower Detection Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower Detection Engine" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connections through an affected device. A successful exploit could allow the attacker to cause the detection engine to consume excessive system memory on the affected device, which could cause a DoS condition. The device may need to be reloaded manually to recover from this condition. This vulnerability affects Cisco Firepower System Software Releases 6.0.0 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Firewalls with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, Firepower 4100 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower 9300 Series Security Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower Threat Defense Virtual for VMware, Industrial Security Appliance 3000, Sourcefire 3D System Appliances. Cisco Bug IDs: CSCve23031." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower Detection Engine", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower Detection Engine" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort" - }, - { - "name" : "103930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connections through an affected device. A successful exploit could allow the attacker to cause the detection engine to consume excessive system memory on the affected device, which could cause a DoS condition. The device may need to be reloaded manually to recover from this condition. This vulnerability affects Cisco Firepower System Software Releases 6.0.0 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Firewalls with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, Firepower 4100 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower 9300 Series Security Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower Threat Defense Virtual for VMware, Industrial Security Appliance 3000, Sourcefire 3D System Appliances. Cisco Bug IDs: CSCve23031." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort" + }, + { + "name": "103930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103930" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0671.json b/2018/0xxx/CVE-2018-0671.json index 21e2abf958a..d51bfb0ac55 100644 --- a/2018/0xxx/CVE-2018-0671.json +++ b/2018/0xxx/CVE-2018-0671.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "INplc-RT", - "version" : { - "version_data" : [ - { - "version_value" : "3.08 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "MICRONET CORPORATION" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "INplc-RT", + "version": { + "version_data": [ + { + "version_value": "3.08 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "MICRONET CORPORATION" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mnc.co.jp/INplc/info_20180907_E.htm", - "refsource" : "MISC", - "url" : "http://www.mnc.co.jp/INplc/info_20180907_E.htm" - }, - { - "name" : "JVN#59624986", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN59624986/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mnc.co.jp/INplc/info_20180907_E.htm", + "refsource": "MISC", + "url": "http://www.mnc.co.jp/INplc/info_20180907_E.htm" + }, + { + "name": "JVN#59624986", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN59624986/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000525.json b/2018/1000xxx/CVE-2018-1000525.json index 5fa31f5c927..cfae586c6b2 100644 --- a/2018/1000xxx/CVE-2018-1000525.json +++ b/2018/1000xxx/CVE-2018-1000525.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.034379", - "DATE_REQUESTED" : "2018-06-01T15:29:43", - "ID" : "CVE-2018-1000525", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "openpsa", - "version" : { - "version_data" : [ - { - "version_value" : "<= 9.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "openpsa" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "PHP Object Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.034379", + "DATE_REQUESTED": "2018-06-01T15:29:43", + "ID": "CVE-2018-1000525", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/05/31/OpenPSA-Object-Injection/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/05/31/OpenPSA-Object-Injection/" - }, - { - "name" : "https://github.com/flack/openpsa/issues/191", - "refsource" : "MISC", - "url" : "https://github.com/flack/openpsa/issues/191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/flack/openpsa/issues/191", + "refsource": "MISC", + "url": "https://github.com/flack/openpsa/issues/191" + }, + { + "name": "https://0dd.zone/2018/05/31/OpenPSA-Object-Injection/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/05/31/OpenPSA-Object-Injection/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000530.json b/2018/1000xxx/CVE-2018-1000530.json index 71fbf59595e..1ad38ce5aec 100644 --- a/2018/1000xxx/CVE-2018-1000530.json +++ b/2018/1000xxx/CVE-2018-1000530.json @@ -1,19 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2018-06-21", - "ID" : "CVE-2018-1000530", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11522. Reason: This candidate is a reservation duplicate of CVE-2018-11522. Notes: All CVE users should reference CVE-2018-11522 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1000530", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11522. Reason: This candidate is a reservation duplicate of CVE-2018-11522. Notes: All CVE users should reference CVE-2018-11522 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000997.json b/2018/1000xxx/CVE-2018-1000997.json index 46ebcdf6005..fb0ea7620af 100644 --- a/2018/1000xxx/CVE-2018-1000997.json +++ b/2018/1000xxx/CVE-2018-1000997.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2019-01-23T03:31:21.125186", - "ID" : "CVE-2018-1000997", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.145 and earlier, LTS 2.138.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2019-01-23T03:31:21.125186", + "ID": "CVE-2018-1000997", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-867", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-867", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-867" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16095.json b/2018/16xxx/CVE-2018-16095.json index 61f8dae1285..4654bcfc791 100644 --- a/2018/16xxx/CVE-2018-16095.json +++ b/2018/16xxx/CVE-2018-16095.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2018-16095", - "STATE" : "PUBLIC", - "TITLE" : "System Management Module Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ThinkSystem SMM", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "1.06" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2018-16095", + "STATE": "PUBLIC", + "TITLE": "System Management Module Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ThinkSystem SMM", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "1.06" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-24374", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-24374" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Update SMM firmware" - } - ], - "source" : { - "advisory" : "LEN-24374", - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-24374", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-24374" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update SMM firmware" + } + ], + "source": { + "advisory": "LEN-24374", + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16482.json b/2018/16xxx/CVE-2018-16482.json index 70cbd285ea2..edf3762cd6f 100644 --- a/2018/16xxx/CVE-2018-16482.json +++ b/2018/16xxx/CVE-2018-16482.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mcstatic", - "version" : { - "version_data" : [ - { - "version_value" : "<=0.0.20" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mcstatic", + "version": { + "version_data": [ + { + "version_value": "<=0.0.20" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/330285", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/330285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/330285", + "refsource": "MISC", + "url": "https://hackerone.com/reports/330285" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16895.json b/2018/16xxx/CVE-2018-16895.json index 61002e823aa..94cb2638e0f 100644 --- a/2018/16xxx/CVE-2018-16895.json +++ b/2018/16xxx/CVE-2018-16895.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16895", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16895", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19107.json b/2018/19xxx/CVE-2018-19107.json index b984a02836c..fd0735376cb 100644 --- a/2018/19xxx/CVE-2018-19107.json +++ b/2018/19xxx/CVE-2018-19107.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html" - }, - { - "name" : "https://github.com/Exiv2/exiv2/issues/427", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/issues/427" - }, - { - "name" : "https://github.com/Exiv2/exiv2/pull/518", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/pull/518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html" + }, + { + "name": "https://github.com/Exiv2/exiv2/issues/427", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/issues/427" + }, + { + "name": "https://github.com/Exiv2/exiv2/pull/518", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/pull/518" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19116.json b/2018/19xxx/CVE-2018-19116.json index bb45fc4f8b0..336dfb4764c 100644 --- a/2018/19xxx/CVE-2018-19116.json +++ b/2018/19xxx/CVE-2018-19116.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19116", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19116", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19522.json b/2018/19xxx/CVE-2018-19522.json index 7ed659aedcb..2203a72f4ff 100644 --- a/2018/19xxx/CVE-2018-19522.json +++ b/2018/19xxx/CVE-2018-19522.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://downwithup.github.io/CVEPosts.html", - "refsource" : "MISC", - "url" : "https://downwithup.github.io/CVEPosts.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://downwithup.github.io/CVEPosts.html", + "refsource": "MISC", + "url": "https://downwithup.github.io/CVEPosts.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19535.json b/2018/19xxx/CVE-2018-19535.json index 231ec2dc3e0..8f3b391bde3 100644 --- a/2018/19xxx/CVE-2018-19535.json +++ b/2018/19xxx/CVE-2018-19535.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html" - }, - { - "name" : "https://github.com/Exiv2/exiv2/issues/428", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/issues/428" - }, - { - "name" : "https://github.com/Exiv2/exiv2/pull/430", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/pull/430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Exiv2/exiv2/issues/428", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/issues/428" + }, + { + "name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html" + }, + { + "name": "https://github.com/Exiv2/exiv2/pull/430", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/pull/430" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19639.json b/2018/19xxx/CVE-2018-19639.json index 5a2da3d6962..74cc442b36e 100644 --- a/2018/19xxx/CVE-2018-19639.json +++ b/2018/19xxx/CVE-2018-19639.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2019-02-21T00:00:00.000Z", - "ID" : "CVE-2018-19639", - "STATE" : "PUBLIC", - "TITLE" : "Code execution if run with command line switch -v" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "supportutils", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "3.1-5.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "SUSE" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Johannes Segitz of SUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 6.7, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-78" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-02-21T00:00:00.000Z", + "ID": "CVE-2018-19639", + "STATE": "PUBLIC", + "TITLE": "Code execution if run with command line switch -v" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "supportutils", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "3.1-5.7.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1118462", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1118462" - } - ] - }, - "source" : { - "advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1118462", - "defect" : [ - "1118462" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1118462", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1118462" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1118462", + "defect": [ + "1118462" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1423.json b/2018/1xxx/CVE-2018-1423.json index 040621deebe..f8f127438bb 100644 --- a/2018/1xxx/CVE-2018-1423.json +++ b/2018/1xxx/CVE-2018-1423.json @@ -1,304 +1,304 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-07-06T00:00:00", - "ID" : "CVE-2018-1423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Rhapsody Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Engineering Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Software Architect Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - } - ] - } - }, - { - "product_name" : "Rational Team Concert", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "L", - "S" : "U", - "SCORE" : "4.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-07-06T00:00:00", + "ID": "CVE-2018-1423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Rhapsody Design Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Engineering Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Software Architect Design Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + } + ] + } + }, + { + "product_name": "Rational Team Concert", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716599", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716599" - }, - { - "name" : "ibm-jazz-cve20181423-info-disc(139026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "N", + "PR": "L", + "S": "U", + "SCORE": "4.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-jazz-cve20181423-info-disc(139026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139026" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716599", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4141.json b/2018/4xxx/CVE-2018-4141.json index b9389c33383..c4d8ba182f8 100644 --- a/2018/4xxx/CVE-2018-4141.json +++ b/2018/4xxx/CVE-2018-4141.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208849", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208849" - }, - { - "name" : "1041027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041027" + }, + { + "name": "https://support.apple.com/HT208849", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208849" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4236.json b/2018/4xxx/CVE-2018-4236.json index 6fa437b237d..e451297e520 100644 --- a/2018/4xxx/CVE-2018-4236.json +++ b/2018/4xxx/CVE-2018-4236.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"IOGraphics\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208849", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208849" - }, - { - "name" : "1041027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"IOGraphics\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041027" + }, + { + "name": "https://support.apple.com/HT208849", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208849" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4351.json b/2018/4xxx/CVE-2018-4351.json index 9ac85e58a7c..6a1f1a29765 100644 --- a/2018/4xxx/CVE-2018-4351.json +++ b/2018/4xxx/CVE-2018-4351.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4782.json b/2018/4xxx/CVE-2018-4782.json index e2493f0ef43..afc6b662e3a 100644 --- a/2018/4xxx/CVE-2018-4782.json +++ b/2018/4xxx/CVE-2018-4782.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4782", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4782", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file