From e465c0f94d444a3859c1208b802187cd95e855d5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:47:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2008/0xxx/CVE-2008-0172.json | 320 ++++++++++---------- 2008/0xxx/CVE-2008-0634.json | 140 ++++----- 2008/1xxx/CVE-2008-1133.json | 140 ++++----- 2008/1xxx/CVE-2008-1302.json | 190 ++++++------ 2008/4xxx/CVE-2008-4959.json | 210 ++++++------- 2008/5xxx/CVE-2008-5012.json | 480 +++++++++++++++--------------- 2008/5xxx/CVE-2008-5414.json | 170 +++++------ 2008/5xxx/CVE-2008-5508.json | 520 ++++++++++++++++----------------- 2008/5xxx/CVE-2008-5810.json | 200 ++++++------- 2013/3xxx/CVE-2013-3226.json | 170 +++++------ 2013/3xxx/CVE-2013-3538.json | 150 +++++----- 2013/3xxx/CVE-2013-3906.json | 160 +++++----- 2013/3xxx/CVE-2013-3961.json | 180 ++++++------ 2013/4xxx/CVE-2013-4019.json | 160 +++++----- 2013/4xxx/CVE-2013-4293.json | 130 ++++----- 2013/4xxx/CVE-2013-4410.json | 34 +-- 2013/4xxx/CVE-2013-4474.json | 190 ++++++------ 2013/4xxx/CVE-2013-4496.json | 290 +++++++++--------- 2013/4xxx/CVE-2013-4974.json | 130 ++++----- 2013/6xxx/CVE-2013-6154.json | 34 +-- 2013/6xxx/CVE-2013-6452.json | 120 ++++---- 2013/6xxx/CVE-2013-6567.json | 34 +-- 2013/6xxx/CVE-2013-6779.json | 34 +-- 2013/7xxx/CVE-2013-7254.json | 140 ++++----- 2013/7xxx/CVE-2013-7282.json | 130 ++++----- 2017/10xxx/CVE-2017-10044.json | 150 +++++----- 2017/10xxx/CVE-2017-10114.json | 200 ++++++------- 2017/10xxx/CVE-2017-10742.json | 120 ++++---- 2017/12xxx/CVE-2017-12860.json | 120 ++++---- 2017/13xxx/CVE-2017-13556.json | 34 +-- 2017/13xxx/CVE-2017-13792.json | 190 ++++++------ 2017/13xxx/CVE-2017-13923.json | 34 +-- 2017/17xxx/CVE-2017-17023.json | 34 +-- 2017/17xxx/CVE-2017-17365.json | 34 +-- 2017/9xxx/CVE-2017-9059.json | 160 +++++----- 2018/0xxx/CVE-2018-0067.json | 34 +-- 2018/0xxx/CVE-2018-0912.json | 142 ++++----- 2018/18xxx/CVE-2018-18548.json | 140 ++++----- 2018/18xxx/CVE-2018-18612.json | 34 +-- 2018/18xxx/CVE-2018-18938.json | 120 ++++---- 2018/19xxx/CVE-2018-19363.json | 34 +-- 2018/19xxx/CVE-2018-19740.json | 34 +-- 2018/19xxx/CVE-2018-19769.json | 130 ++++----- 2018/19xxx/CVE-2018-19999.json | 34 +-- 2018/1xxx/CVE-2018-1056.json | 190 ++++++------ 2018/1xxx/CVE-2018-1250.json | 184 ++++++------ 2018/1xxx/CVE-2018-1598.json | 34 +-- 2018/5xxx/CVE-2018-5026.json | 140 ++++----- 2018/5xxx/CVE-2018-5912.json | 130 ++++----- 49 files changed, 3456 insertions(+), 3456 deletions(-) diff --git a/2008/0xxx/CVE-2008-0172.json b/2008/0xxx/CVE-2008-0172.json index 8094444124c..857d6b747d2 100644 --- a/2008/0xxx/CVE-2008-0172.json +++ b/2008/0xxx/CVE-2008-0172.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080213 rPSA-2008-0063-1 boost", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488102/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=205955", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=205955" - }, - { - "name" : "http://svn.boost.org/trac/boost/changeset/42674", - "refsource" : "CONFIRM", - "url" : "http://svn.boost.org/trac/boost/changeset/42674" - }, - { - "name" : "http://svn.boost.org/trac/boost/changeset/42745", - "refsource" : "CONFIRM", - "url" : "http://svn.boost.org/trac/boost/changeset/42745" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2143", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2143" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0063", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0063" - }, - { - "name" : "FEDORA-2008-0880", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html" - }, - { - "name" : "GLSA-200802-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml" - }, - { - "name" : "MDVSA-2008:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032" - }, - { - "name" : "SUSE-SR:2008:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" - }, - { - "name" : "USN-570-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-570-1" - }, - { - "name" : "27325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27325" - }, - { - "name" : "48099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48099" - }, - { - "name" : "ADV-2008-0249", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0249" - }, - { - "name" : "28545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28545" - }, - { - "name" : "28705", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28705" - }, - { - "name" : "28511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28511" - }, - { - "name" : "28527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28527" - }, - { - "name" : "28943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28943" - }, - { - "name" : "28860", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28860" - }, - { - "name" : "29323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0063", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0063" + }, + { + "name": "48099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48099" + }, + { + "name": "ADV-2008-0249", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0249" + }, + { + "name": "27325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27325" + }, + { + "name": "28860", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28860" + }, + { + "name": "http://svn.boost.org/trac/boost/changeset/42745", + "refsource": "CONFIRM", + "url": "http://svn.boost.org/trac/boost/changeset/42745" + }, + { + "name": "28943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28943" + }, + { + "name": "http://svn.boost.org/trac/boost/changeset/42674", + "refsource": "CONFIRM", + "url": "http://svn.boost.org/trac/boost/changeset/42674" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2143", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2143" + }, + { + "name": "FEDORA-2008-0880", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html" + }, + { + "name": "28511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28511" + }, + { + "name": "20080213 rPSA-2008-0063-1 boost", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488102/100/0/threaded" + }, + { + "name": "28705", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28705" + }, + { + "name": "28545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28545" + }, + { + "name": "SUSE-SR:2008:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" + }, + { + "name": "GLSA-200802-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml" + }, + { + "name": "28527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28527" + }, + { + "name": "USN-570-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-570-1" + }, + { + "name": "29323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29323" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=205955", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=205955" + }, + { + "name": "MDVSA-2008:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0634.json b/2008/0xxx/CVE-2008-0634.json index efce77e619a..68829b2d306 100644 --- a/2008/0xxx/CVE-2008-0634.json +++ b/2008/0xxx/CVE-2008-0634.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5045", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5045" - }, - { - "name" : "28649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28649" - }, - { - "name" : "namo-activesquare-bo(40199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5045", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5045" + }, + { + "name": "28649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28649" + }, + { + "name": "namo-activesquare-bo(40199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40199" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1133.json b/2008/1xxx/CVE-2008-1133.json index a5dda7c7596..082cf903fe6 100644 --- a/2008/1xxx/CVE-2008-1133.json +++ b/2008/1xxx/CVE-2008-1133.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/227608", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/227608" - }, - { - "name" : "28026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28026" - }, - { - "name" : "29118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/227608", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/227608" + }, + { + "name": "29118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29118" + }, + { + "name": "28026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28026" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1302.json b/2008/1xxx/CVE-2008-1302.json index 5151ca08c60..a519bbaefb7 100644 --- a/2008/1xxx/CVE-2008-1302.json +++ b/2008/1xxx/CVE-2008-1302.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489179/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/perforces-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/perforces-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/perforces.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/perforces.zip" - }, - { - "name" : "28108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28108" - }, - { - "name" : "29231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29231" - }, - { - "name" : "3735", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3735" - }, - { - "name" : "perforce-server-p4sexe-dos(41363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41363" - }, - { - "name" : "perforceserver-invalid-memory-dos(41016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.org/poc/perforces.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/perforces.zip" + }, + { + "name": "28108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28108" + }, + { + "name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded" + }, + { + "name": "29231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29231" + }, + { + "name": "perforceserver-invalid-memory-dos(41016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41016" + }, + { + "name": "http://aluigi.altervista.org/adv/perforces-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/perforces-adv.txt" + }, + { + "name": "3735", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3735" + }, + { + "name": "perforce-server-p4sexe-dos(41363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41363" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4959.json b/2008/4xxx/CVE-2008-4959.json index f7957858923..dda95a3c3c6 100644 --- a/2008/4xxx/CVE-2008-4959.json +++ b/2008/4xxx/CVE-2008-4959.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://bugs.debian.org/496436", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/496436" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/gpsdrive-scripts", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/gpsdrive-scripts" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "FEDORA-2009-1366", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00187.html" - }, - { - "name" : "30905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30905" - }, - { - "name" : "33825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33825" - }, - { - "name" : "31694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31694" - }, - { - "name" : "gpsdrive-geocode-symlink(44759)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gpsdrive-geocode-symlink(44759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44759" + }, + { + "name": "FEDORA-2009-1366", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00187.html" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://bugs.debian.org/496436", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/496436" + }, + { + "name": "30905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30905" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/gpsdrive-scripts", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/gpsdrive-scripts" + }, + { + "name": "31694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31694" + }, + { + "name": "33825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33825" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5012.json b/2008/5xxx/CVE-2008-5012.json index c2ead5d91b5..17a43984851 100644 --- a/2008/5xxx/CVE-2008-5012.json +++ b/2008/5xxx/CVE-2008-5012.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081118 Firefox cross-domain image theft (CESA-2008-009)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498468" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=355126", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=355126" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=451619", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=451619" - }, - { - "name" : "http://scary.beasts.org/security/CESA-2008-009.html", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2008-009.html" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-48.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-48.html" - }, - { - "name" : "DSA-1669", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1669" - }, - { - "name" : "DSA-1671", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1671" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "DSA-1696", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1696" - }, - { - "name" : "FEDORA-2008-9667", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html" - }, - { - "name" : "MDVSA-2008:228", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228" - }, - { - "name" : "MDVSA-2008:235", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:235" - }, - { - "name" : "RHSA-2008:0977", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0977.html" - }, - { - "name" : "RHSA-2008:0976", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0976.html" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:055", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html" - }, - { - "name" : "USN-667-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-667-1" - }, - { - "name" : "TA08-319A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-319A.html" - }, - { - "name" : "32281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32281" - }, - { - "name" : "32351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32351" - }, - { - "name" : "oval:org.mitre.oval:def:10750", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10750" - }, - { - "name" : "1021187", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021187" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "32684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32684" - }, - { - "name" : "32798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32798" - }, - { - "name" : "32778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32778" - }, - { - "name" : "32853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32853" - }, - { - "name" : "ADV-2008-3146", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3146" - }, - { - "name" : "32845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32845" - }, - { - "name" : "32693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32693" - }, - { - "name" : "32694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32694" - }, - { - "name" : "32714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32714" - }, - { - "name" : "32715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32715" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "33434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33434" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3146", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3146" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "1021187", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021187" + }, + { + "name": "DSA-1671", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1671" + }, + { + "name": "32281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32281" + }, + { + "name": "FEDORA-2008-9667", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html" + }, + { + "name": "RHSA-2008:0977", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0977.html" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=451619", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=451619" + }, + { + "name": "DSA-1669", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1669" + }, + { + "name": "32778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32778" + }, + { + "name": "20081118 Firefox cross-domain image theft (CESA-2008-009)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498468" + }, + { + "name": "RHSA-2008:0976", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0976.html" + }, + { + "name": "32351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32351" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "http://scary.beasts.org/security/CESA-2008-009.html", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2008-009.html" + }, + { + "name": "SUSE-SA:2008:055", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html" + }, + { + "name": "32694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32694" + }, + { + "name": "TA08-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-319A.html" + }, + { + "name": "32853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32853" + }, + { + "name": "DSA-1696", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1696" + }, + { + "name": "oval:org.mitre.oval:def:10750", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10750" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-48.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-48.html" + }, + { + "name": "32715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32715" + }, + { + "name": "32693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32693" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html" + }, + { + "name": "MDVSA-2008:228", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228" + }, + { + "name": "32845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32845" + }, + { + "name": "MDVSA-2008:235", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:235" + }, + { + "name": "33434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33434" + }, + { + "name": "32798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32798" + }, + { + "name": "32684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32684" + }, + { + "name": "USN-667-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-667-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=355126", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=355126" + }, + { + "name": "32714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32714" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5414.json b/2008/5xxx/CVE-2008-5414.json index 2b5a01b5967..ac664868740 100644 --- a/2008/5xxx/CVE-2008-5414.json +++ b/2008/5xxx/CVE-2008-5414.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to \"userNameToken.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PK67282", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67282" - }, - { - "name" : "32679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32679" - }, - { - "name" : "ADV-2008-3370", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3370" - }, - { - "name" : "33022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33022" - }, - { - "name" : "websphere-usernametoken-unspecified(47136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to \"userNameToken.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33022" + }, + { + "name": "websphere-usernametoken-unspecified(47136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47136" + }, + { + "name": "ADV-2008-3370", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3370" + }, + { + "name": "32679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32679" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + }, + { + "name": "PK67282", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67282" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5508.json b/2008/5xxx/CVE-2008-5508.json index b91ec5e890e..fab83d3b632 100644 --- a/2008/5xxx/CVE-2008-5508.json +++ b/2008/5xxx/CVE-2008-5508.json @@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=425046", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=425046" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=460803", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=460803" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-66.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-66.html" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "DSA-1704", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1704" - }, - { - "name" : "DSA-1707", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1707" - }, - { - "name" : "DSA-1696", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1696" - }, - { - "name" : "MDVSA-2008:245", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245" - }, - { - "name" : "MDVSA-2009:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012" - }, - { - "name" : "MDVSA-2008:244", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244" - }, - { - "name" : "RHSA-2008:1036", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1036.html" - }, - { - "name" : "RHSA-2008:1037", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1037.html" - }, - { - "name" : "RHSA-2009:0002", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0002.html" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "258748", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1" - }, - { - "name" : "USN-690-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/690-1/" - }, - { - "name" : "USN-690-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-690-2" - }, - { - "name" : "USN-701-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-701-1" - }, - { - "name" : "USN-701-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-701-2" - }, - { - "name" : "32882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32882" - }, - { - "name" : "oval:org.mitre.oval:def:11040", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11040" - }, - { - "name" : "1021426", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021426" - }, - { - "name" : "33231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33231" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "33216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33216" - }, - { - "name" : "33523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33523" - }, - { - "name" : "33547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33547" - }, - { - "name" : "33184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33184" - }, - { - "name" : "33188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33188" - }, - { - "name" : "33189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33189" - }, - { - "name" : "33203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33203" - }, - { - "name" : "33204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33204" - }, - { - "name" : "33205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33205" - }, - { - "name" : "33421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33421" - }, - { - "name" : "33434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33434" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "35080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35080" - }, - { - "name" : "33408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33408" - }, - { - "name" : "33415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33415" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - }, - { - "name" : "mozilla-urlparsing-weak-security(47414)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32882" + }, + { + "name": "33408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33408" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "mozilla-urlparsing-weak-security(47414)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47414" + }, + { + "name": "oval:org.mitre.oval:def:11040", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11040" + }, + { + "name": "1021426", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021426" + }, + { + "name": "33205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33205" + }, + { + "name": "33421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33421" + }, + { + "name": "RHSA-2008:1036", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "USN-690-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-690-2" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-66.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-66.html" + }, + { + "name": "USN-701-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-701-1" + }, + { + "name": "33231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33231" + }, + { + "name": "MDVSA-2008:245", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245" + }, + { + "name": "USN-690-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/690-1/" + }, + { + "name": "MDVSA-2009:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012" + }, + { + "name": "33203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33203" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "DSA-1707", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1707" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=425046", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=425046" + }, + { + "name": "33216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33216" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "RHSA-2008:1037", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1037.html" + }, + { + "name": "DSA-1704", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1704" + }, + { + "name": "DSA-1696", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1696" + }, + { + "name": "33204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33204" + }, + { + "name": "USN-701-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-701-2" + }, + { + "name": "33184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33184" + }, + { + "name": "RHSA-2009:0002", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0002.html" + }, + { + "name": "258748", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1" + }, + { + "name": "MDVSA-2008:244", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=460803", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=460803" + }, + { + "name": "33415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33415" + }, + { + "name": "33188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33188" + }, + { + "name": "33523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33523" + }, + { + "name": "35080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35080" + }, + { + "name": "33547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33547" + }, + { + "name": "33434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33434" + }, + { + "name": "33189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33189" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5810.json b/2008/5xxx/CVE-2008-5810.json index 38ec11bc553..2555504d045 100644 --- a/2008/5xxx/CVE-2008-5810.json +++ b/2008/5xxx/CVE-2008-5810.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081219 SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactionsremote command injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499417/100/0/threaded" - }, - { - "name" : "http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt", - "refsource" : "MISC", - "url" : "http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt" - }, - { - "name" : "http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english", - "refsource" : "CONFIRM", - "url" : "http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english" - }, - { - "name" : "32927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32927" - }, - { - "name" : "ADV-2008-3462", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3462" - }, - { - "name" : "1021475", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021475" - }, - { - "name" : "33168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33168" - }, - { - "name" : "4856", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4856" - }, - { - "name" : "webtransactions-wbpublish-command-injection(47495)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt", + "refsource": "MISC", + "url": "http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt" + }, + { + "name": "http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english", + "refsource": "CONFIRM", + "url": "http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english" + }, + { + "name": "webtransactions-wbpublish-command-injection(47495)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47495" + }, + { + "name": "1021475", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021475" + }, + { + "name": "4856", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4856" + }, + { + "name": "ADV-2008-3462", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3462" + }, + { + "name": "32927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32927" + }, + { + "name": "20081219 SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactionsremote command injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499417/100/0/threaded" + }, + { + "name": "33168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33168" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3226.json b/2013/3xxx/CVE-2013-3226.json index e79bdac6ab6..92ae4217ea8 100644 --- a/2013/3xxx/CVE-2013-3226.json +++ b/2013/3xxx/CVE-2013-3226.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20130414 Linux 3.9-rc7", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2013/4/14/107" - }, - { - "name" : "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/14/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c8c499175f7d295ef867335bceb9a76a2c3cdc38", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c8c499175f7d295ef867335bceb9a76a2c3cdc38" - }, - { - "name" : "https://github.com/torvalds/linux/commit/c8c499175f7d295ef867335bceb9a76a2c3cdc38", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/c8c499175f7d295ef867335bceb9a76a2c3cdc38" - }, - { - "name" : "openSUSE-SU-2013:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" - }, - { - "name" : "USN-1837-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1837-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/c8c499175f7d295ef867335bceb9a76a2c3cdc38", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/c8c499175f7d295ef867335bceb9a76a2c3cdc38" + }, + { + "name": "USN-1837-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1837-1" + }, + { + "name": "[linux-kernel] 20130414 Linux 3.9-rc7", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2013/4/14/107" + }, + { + "name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3" + }, + { + "name": "openSUSE-SU-2013:1971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c8c499175f7d295ef867335bceb9a76a2c3cdc38", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c8c499175f7d295ef867335bceb9a76a2c3cdc38" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3538.json b/2013/3xxx/CVE-2013-3538.json index 537b7c6e72f..9557623f9b2 100644 --- a/2013/3xxx/CVE-2013-3538.json +++ b/2013/3xxx/CVE-2013-3538.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "59069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59069" - }, - { - "name" : "92319", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92319" - }, - { - "name" : "todooforum-todooforum-idpost-pg-xss(83600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92319", + "refsource": "OSVDB", + "url": "http://osvdb.org/92319" + }, + { + "name": "59069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59069" + }, + { + "name": "todooforum-todooforum-idpost-pg-xss(83600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83600" + }, + { + "name": "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3906.json b/2013/3xxx/CVE-2013-3906.json index 563f34a2267..52554538ef8 100644 --- a/2013/3xxx/CVE-2013-3906.json +++ b/2013/3xxx/CVE-2013-3906.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30011", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30011" - }, - { - "name" : "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2", - "refsource" : "MISC", - "url" : "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx" - }, - { - "name" : "http://technet.microsoft.com/security/advisory/2896666", - "refsource" : "CONFIRM", - "url" : "http://technet.microsoft.com/security/advisory/2896666" - }, - { - "name" : "MS13-096", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-096", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096" + }, + { + "name": "30011", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30011" + }, + { + "name": "http://technet.microsoft.com/security/advisory/2896666", + "refsource": "CONFIRM", + "url": "http://technet.microsoft.com/security/advisory/2896666" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx" + }, + { + "name": "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2", + "refsource": "MISC", + "url": "http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3961.json b/2013/3xxx/CVE-2013-3961.json index 0db66696e97..cf318b1d7c1 100644 --- a/2013/3xxx/CVE-2013-3961.json +++ b/2013/3xxx/CVE-2013-3961.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26136", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/26136" - }, - { - "name" : "20130611 [CVE-2013-3961] iSQL in php-agenda <= 2.2.8", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jun/67" - }, - { - "name" : "http://packetstormsecurity.com/files/121978/Simple-PHP-Agenda-2.2.8-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121978/Simple-PHP-Agenda-2.2.8-SQL-Injection.html" - }, - { - "name" : "http://www.webera.fr/advisory-02-php-agenda-isql-exploit", - "refsource" : "MISC", - "url" : "http://www.webera.fr/advisory-02-php-agenda-isql-exploit" - }, - { - "name" : "60481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60481" - }, - { - "name" : "94141", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/94141" - }, - { - "name" : "simplephp-cve20133961-eventid-sql-injection(84938)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94141", + "refsource": "OSVDB", + "url": "http://osvdb.org/94141" + }, + { + "name": "60481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60481" + }, + { + "name": "http://www.webera.fr/advisory-02-php-agenda-isql-exploit", + "refsource": "MISC", + "url": "http://www.webera.fr/advisory-02-php-agenda-isql-exploit" + }, + { + "name": "simplephp-cve20133961-eventid-sql-injection(84938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84938" + }, + { + "name": "20130611 [CVE-2013-3961] iSQL in php-agenda <= 2.2.8", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jun/67" + }, + { + "name": "http://packetstormsecurity.com/files/121978/Simple-PHP-Agenda-2.2.8-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121978/Simple-PHP-Agenda-2.2.8-SQL-Injection.html" + }, + { + "name": "26136", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/26136" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4019.json b/2013/4xxx/CVE-2013-4019.json index 38582d9d74f..92944a122ab 100644 --- a/2013/4xxx/CVE-2013-4019.json +++ b/2013/4xxx/CVE-2013-4019.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" - }, - { - "name" : "IV42664", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42664" - }, - { - "name" : "55068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55068" - }, - { - "name" : "55070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55070" - }, - { - "name" : "maximo-cve20134019-xss(85796)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55070" + }, + { + "name": "maximo-cve20134019-xss(85796)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85796" + }, + { + "name": "IV42664", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42664" + }, + { + "name": "55068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55068" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4293.json b/2013/4xxx/CVE-2013-4293.json index 6885d9bd7b3..e9b4f6d0793 100644 --- a/2013/4xxx/CVE-2013-4293.json +++ b/2013/4xxx/CVE-2013-4293.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1002853", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1002853" - }, - { - "name" : "RHSA-2013:1448", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1448.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1002853", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002853" + }, + { + "name": "RHSA-2013:1448", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4410.json b/2013/4xxx/CVE-2013-4410.json index f87a1a11d23..4df23ea7bc9 100644 --- a/2013/4xxx/CVE-2013-4410.json +++ b/2013/4xxx/CVE-2013-4410.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4410", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4410", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4474.json b/2013/4xxx/CVE-2013-4474.json index 4ff5d42a424..2169153c747 100644 --- a/2013/4xxx/CVE-2013-4474.json +++ b/2013/4xxx/CVE-2013-4474.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/29/1" - }, - { - "name" : "http://bugs.debian.org/723124", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/723124" - }, - { - "name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=69434", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=69434" - }, - { - "name" : "GLSA-201401-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201401-21.xml" - }, - { - "name" : "USN-2958-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2958-1" - }, - { - "name" : "63374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63374" - }, - { - "name" : "56567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/723124", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/723124" + }, + { + "name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75" + }, + { + "name": "56567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56567" + }, + { + "name": "GLSA-201401-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201401-21.xml" + }, + { + "name": "63374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63374" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=69434", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=69434" + }, + { + "name": "USN-2958-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2958-1" + }, + { + "name": "[oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/29/1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4496.json b/2013/4xxx/CVE-2013-4496.json index e4c6601c6d2..86f287e73ba 100644 --- a/2013/4xxx/CVE-2013-4496.json +++ b/2013/4xxx/CVE-2013-4496.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.samba.org/samba/history/samba-3.6.23.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-3.6.23.html" - }, - { - "name" : "http://www.samba.org/samba/history/samba-4.0.16.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-4.0.16.html" - }, - { - "name" : "http://www.samba.org/samba/history/samba-4.1.6.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-4.1.6.html" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2013-4496", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2013-4496" - }, - { - "name" : "https://bugzilla.samba.org/show_bug.cgi?id=10245", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.samba.org/show_bug.cgi?id=10245" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0138.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0138.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" - }, - { - "name" : "FEDORA-2014-9132", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" - }, - { - "name" : "FEDORA-2014-7672", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" - }, - { - "name" : "GLSA-201502-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-15.xml" - }, - { - "name" : "MDVSA-2015:082", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" - }, - { - "name" : "RHSA-2014:0330", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0330.html" - }, - { - "name" : "openSUSE-SU-2014:0404", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html" - }, - { - "name" : "openSUSE-SU-2014:0405", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "USN-2156-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2156-1" - }, - { - "name" : "66336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.samba.org/samba/history/samba-4.1.6.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-4.1.6.html" + }, + { + "name": "FEDORA-2014-9132", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" + }, + { + "name": "https://bugzilla.samba.org/show_bug.cgi?id=10245", + "refsource": "CONFIRM", + "url": "https://bugzilla.samba.org/show_bug.cgi?id=10245" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2013-4496", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2013-4496" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0138.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0138.html" + }, + { + "name": "http://www.samba.org/samba/history/samba-4.0.16.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-4.0.16.html" + }, + { + "name": "openSUSE-SU-2014:0405", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html" + }, + { + "name": "GLSA-201502-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml" + }, + { + "name": "FEDORA-2014-7672", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" + }, + { + "name": "MDVSA-2015:082", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "openSUSE-SU-2014:0404", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "66336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66336" + }, + { + "name": "RHSA-2014:0330", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0330.html" + }, + { + "name": "USN-2156-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2156-1" + }, + { + "name": "http://www.samba.org/samba/history/samba-3.6.23.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-3.6.23.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4974.json b/2013/4xxx/CVE-2013-4974.json index 727ed628b95..b383ef8077a 100644 --- a/2013/4xxx/CVE-2013-4974.json +++ b/2013/4xxx/CVE-2013-4974.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/08232013_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/08232013_player/en/" - }, - { - "name" : "61990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61990" + }, + { + "name": "http://service.real.com/realplayer/security/08232013_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/08232013_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6154.json b/2013/6xxx/CVE-2013-6154.json index e92c0474a51..379c1f8cb5c 100644 --- a/2013/6xxx/CVE-2013-6154.json +++ b/2013/6xxx/CVE-2013-6154.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6154", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6154", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6452.json b/2013/6xxx/CVE-2013-6452.json index 74a9a1fa01a..527115e2012 100644 --- a/2013/6xxx/CVE-2013-6452.json +++ b/2013/6xxx/CVE-2013-6452.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6567.json b/2013/6xxx/CVE-2013-6567.json index 31e530df28a..d6840a6579d 100644 --- a/2013/6xxx/CVE-2013-6567.json +++ b/2013/6xxx/CVE-2013-6567.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6567", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6567", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6779.json b/2013/6xxx/CVE-2013-6779.json index 80779e44607..1667c3145f6 100644 --- a/2013/6xxx/CVE-2013-6779.json +++ b/2013/6xxx/CVE-2013-6779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6779", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6779", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7254.json b/2013/7xxx/CVE-2013-7254.json index c466a96e3f6..6e48a981cb6 100644 --- a/2013/7xxx/CVE-2013-7254.json +++ b/2013/7xxx/CVE-2013-7254.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.opsview.com/doku.php?id=opsview4.4:changes", - "refsource" : "CONFIRM", - "url" : "http://docs.opsview.com/doku.php?id=opsview4.4:changes" - }, - { - "name" : "56096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56096" - }, - { - "name" : "opsview-unspecified-xss(89934)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opsview-unspecified-xss(89934)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89934" + }, + { + "name": "http://docs.opsview.com/doku.php?id=opsview4.4:changes", + "refsource": "CONFIRM", + "url": "http://docs.opsview.com/doku.php?id=opsview4.4:changes" + }, + { + "name": "56096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56096" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7282.json b/2013/7xxx/CVE-2013-7282.json index b3dca63645a..5c7b052e451 100644 --- a/2013/7xxx/CVE-2013-7282.json +++ b/2013/7xxx/CVE-2013-7282.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a \"Cookie: :language=en\" HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ampliasecurity.com/advisories/AMPLIA-ARA050913.txt", - "refsource" : "MISC", - "url" : "http://www.ampliasecurity.com/advisories/AMPLIA-ARA050913.txt" - }, - { - "name" : "http://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a \"Cookie: :language=en\" HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.html", + "refsource": "MISC", + "url": "http://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.html" + }, + { + "name": "http://www.ampliasecurity.com/advisories/AMPLIA-ARA050913.txt", + "refsource": "MISC", + "url": "http://www.ampliasecurity.com/advisories/AMPLIA-ARA050913.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10044.json b/2017/10xxx/CVE-2017-10044.json index 5d12ffaf543..6af12b67322 100644 --- a/2017/10xxx/CVE-2017-10044.json +++ b/2017/10xxx/CVE-2017-10044.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Reporting and Analytics", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.1" - }, - { - "version_affected" : "=", - "version_value" : "9.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.1" + }, + { + "version_affected": "=", + "version_value": "9.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99714" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99714" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10114.json b/2017/10xxx/CVE-2017-10114.json index 0fe5932f98f..fd508b0d879 100644 --- a/2017/10xxx/CVE-2017-10114.json +++ b/2017/10xxx/CVE-2017-10114.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 7u141" - }, - { - "version_affected" : "=", - "version_value" : "8u131" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 7u141" + }, + { + "version_affected": "=", + "version_value": "8u131" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170720-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170720-0001/" - }, - { - "name" : "DSA-4005", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4005" - }, - { - "name" : "GLSA-201709-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-22" - }, - { - "name" : "RHSA-2017:1790", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1790" - }, - { - "name" : "RHSA-2017:1791", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1791" - }, - { - "name" : "99726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99726" - }, - { - "name" : "1038931", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1791", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1791" + }, + { + "name": "RHSA-2017:1790", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1790" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" + }, + { + "name": "DSA-4005", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4005" + }, + { + "name": "1038931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038931" + }, + { + "name": "GLSA-201709-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-22" + }, + { + "name": "99726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99726" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10742.json b/2017/10xxx/CVE-2017-10742.json index c177d8aa3fc..71060555043 100644 --- a/2017/10xxx/CVE-2017-10742.json +++ b/2017/10xxx/CVE-2017-10742.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12860.json b/2017/12xxx/CVE-2017-12860.json index 1d0d57d69c8..27bcb5b6d87 100644 --- a/2017/12xxx/CVE-2017-12860.json +++ b/2017/12xxx/CVE-2017-12860.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Epson \"EasyMP\" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded \"backdoor\" code (2270), which authenticates to all devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rhinosecuritylabs.com/research/epson-easymp-remote-projection-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://rhinosecuritylabs.com/research/epson-easymp-remote-projection-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Epson \"EasyMP\" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded \"backdoor\" code (2270), which authenticates to all devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rhinosecuritylabs.com/research/epson-easymp-remote-projection-vulnerabilities/", + "refsource": "MISC", + "url": "https://rhinosecuritylabs.com/research/epson-easymp-remote-projection-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13556.json b/2017/13xxx/CVE-2017-13556.json index 6f0c7609ae2..a69e2391508 100644 --- a/2017/13xxx/CVE-2017-13556.json +++ b/2017/13xxx/CVE-2017-13556.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13556", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13556", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13792.json b/2017/13xxx/CVE-2017-13792.json index 1aac5528c2d..894471e50bf 100644 --- a/2017/13xxx/CVE-2017-13792.json +++ b/2017/13xxx/CVE-2017-13792.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43167", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43167/" - }, - { - "name" : "https://support.apple.com/HT208219", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208219" - }, - { - "name" : "https://support.apple.com/HT208222", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208222" - }, - { - "name" : "https://support.apple.com/HT208223", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208223" - }, - { - "name" : "https://support.apple.com/HT208224", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208224" - }, - { - "name" : "https://support.apple.com/HT208225", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208225" - }, - { - "name" : "GLSA-201712-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-01" - }, - { - "name" : "1039703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208225", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208225" + }, + { + "name": "https://support.apple.com/HT208222", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208222" + }, + { + "name": "43167", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43167/" + }, + { + "name": "https://support.apple.com/HT208219", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208219" + }, + { + "name": "https://support.apple.com/HT208224", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208224" + }, + { + "name": "GLSA-201712-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-01" + }, + { + "name": "1039703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039703" + }, + { + "name": "https://support.apple.com/HT208223", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208223" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13923.json b/2017/13xxx/CVE-2017-13923.json index 691d51cbc61..9cf69c9f446 100644 --- a/2017/13xxx/CVE-2017-13923.json +++ b/2017/13xxx/CVE-2017-13923.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13923", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13923", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17023.json b/2017/17xxx/CVE-2017-17023.json index 2f4382c95cd..fcf056b4689 100644 --- a/2017/17xxx/CVE-2017-17023.json +++ b/2017/17xxx/CVE-2017-17023.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17023", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17023", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17365.json b/2017/17xxx/CVE-2017-17365.json index b735d4d158b..01672a92db3 100644 --- a/2017/17xxx/CVE-2017-17365.json +++ b/2017/17xxx/CVE-2017-17365.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9059.json b/2017/9xxx/CVE-2017-9059.json index b994922f74e..8124719ac18 100644 --- a/2017/9xxx/CVE-2017-9059.json +++ b/2017/9xxx/CVE-2017-9059.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a \"module reference and kernel daemon\" leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1451386", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1451386" - }, - { - "name" : "https://github.com/torvalds/linux/commit/c70422f760c120480fee4de6c38804c72aa26bc1", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/c70422f760c120480fee4de6c38804c72aa26bc1" - }, - { - "name" : "https://www.spinics.net/lists/linux-nfs/msg63334.html", - "refsource" : "CONFIRM", - "url" : "https://www.spinics.net/lists/linux-nfs/msg63334.html" - }, - { - "name" : "98551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a \"module reference and kernel daemon\" leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451386", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451386" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1" + }, + { + "name": "https://github.com/torvalds/linux/commit/c70422f760c120480fee4de6c38804c72aa26bc1", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/c70422f760c120480fee4de6c38804c72aa26bc1" + }, + { + "name": "https://www.spinics.net/lists/linux-nfs/msg63334.html", + "refsource": "CONFIRM", + "url": "https://www.spinics.net/lists/linux-nfs/msg63334.html" + }, + { + "name": "98551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98551" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0067.json b/2018/0xxx/CVE-2018-0067.json index 71a3f2c331e..8049d1be9e8 100644 --- a/2018/0xxx/CVE-2018-0067.json +++ b/2018/0xxx/CVE-2018-0067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0912.json b/2018/0xxx/CVE-2018-0912.json index aea3d31b4a2..a2a50a5a79a 100644 --- a/2018/0xxx/CVE-2018-0912.json +++ b/2018/0xxx/CVE-2018-0912.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0912", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0912" - }, - { - "name" : "103285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103285" - }, - { - "name" : "1040513", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0912", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0912" + }, + { + "name": "1040513", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040513" + }, + { + "name": "103285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103285" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18548.json b/2018/18xxx/CVE-2018-18548.json index b8c992e9005..fc6156e4a00 100644 --- a/2018/18xxx/CVE-2018-18548.json +++ b/2018/18xxx/CVE-2018-18548.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45691", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45691/" - }, - { - "name" : "http://packetstormsecurity.com/files/149898/AjentiCP-1.2.23.13-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149898/AjentiCP-1.2.23.13-Cross-Site-Scripting.html" - }, - { - "name" : "https://numanozdemir.com/ajenti-xss.txt", - "refsource" : "MISC", - "url" : "https://numanozdemir.com/ajenti-xss.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://numanozdemir.com/ajenti-xss.txt", + "refsource": "MISC", + "url": "https://numanozdemir.com/ajenti-xss.txt" + }, + { + "name": "45691", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45691/" + }, + { + "name": "http://packetstormsecurity.com/files/149898/AjentiCP-1.2.23.13-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149898/AjentiCP-1.2.23.13-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18612.json b/2018/18xxx/CVE-2018-18612.json index 28c52d4904a..36ca3094d3b 100644 --- a/2018/18xxx/CVE-2018-18612.json +++ b/2018/18xxx/CVE-2018-18612.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18612", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18612", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18938.json b/2018/18xxx/CVE-2018-18938.json index c2fc0967bdc..15ec709f3c8 100644 --- a/2018/18xxx/CVE-2018-18938.json +++ b/2018/18xxx/CVE-2018-18938.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wuzhicms/wuzhicms/issues/158", - "refsource" : "MISC", - "url" : "https://github.com/wuzhicms/wuzhicms/issues/158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wuzhicms/wuzhicms/issues/158", + "refsource": "MISC", + "url": "https://github.com/wuzhicms/wuzhicms/issues/158" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19363.json b/2018/19xxx/CVE-2018-19363.json index 7adf7319c34..74d33ad11d9 100644 --- a/2018/19xxx/CVE-2018-19363.json +++ b/2018/19xxx/CVE-2018-19363.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19363", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19363", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19740.json b/2018/19xxx/CVE-2018-19740.json index fd65b0a039b..a0e018f82f1 100644 --- a/2018/19xxx/CVE-2018-19740.json +++ b/2018/19xxx/CVE-2018-19740.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19740", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19740", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19769.json b/2018/19xxx/CVE-2018-19769.json index ba5f8f1de4b..0bdd4af5529 100644 --- a/2018/19xxx/CVE-2018-19769.json +++ b/2018/19xxx/CVE-2018-19769.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"UserProperties.jsp\" has reflected XSS via the ConnPoolName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/20" - }, - { - "name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"UserProperties.jsp\" has reflected XSS via the ConnPoolName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" + }, + { + "name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/20" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19999.json b/2018/19xxx/CVE-2018-19999.json index ed0c60fcde7..6ec6c915e90 100644 --- a/2018/19xxx/CVE-2018-19999.json +++ b/2018/19xxx/CVE-2018-19999.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19999", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19999", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1056.json b/2018/1xxx/CVE-2018-1056.json index 1acc2b5d1b0..1caf7c39b4e 100644 --- a/2018/1xxx/CVE-2018-1056.json +++ b/2018/1xxx/CVE-2018-1056.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-1056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "advancecomp:", - "version" : { - "version_data" : [ - { - "version_value" : "2.1-2018/02" - } - ] - } - } - ] - }, - "vendor_name" : "amadvance" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "advancecomp:", + "version": { + "version_data": [ + { + "version_value": "2.1-2018/02" + } + ] + } + } + ] + }, + "vendor_name": "amadvance" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180213 [SECURITY] [DLA 1281-1] advancecomp security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00016.html" - }, - { - "name" : "[debian-lts-announce] 20190302 [SECURITY] [DLA 1702-1] advancecomp security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056" - }, - { - "name" : "https://sourceforge.net/p/advancemame/bugs/259/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/advancemame/bugs/259/" - }, - { - "name" : "USN-3570-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3570-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20190302 [SECURITY] [DLA 1702-1] advancecomp security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270" + }, + { + "name": "USN-3570-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3570-1/" + }, + { + "name": "[debian-lts-announce] 20180213 [SECURITY] [DLA 1281-1] advancecomp security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00016.html" + }, + { + "name": "https://sourceforge.net/p/advancemame/bugs/259/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/advancemame/bugs/259/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1250.json b/2018/1xxx/CVE-2018-1250.json index b552e042292..12edd1ced51 100644 --- a/2018/1xxx/CVE-2018-1250.json +++ b/2018/1xxx/CVE-2018-1250.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-09-18T04:00:00.000Z", - "ID" : "CVE-2018-1250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell EMC Unity", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.3.1.1525703027 " - } - ] - } - }, - { - "product_name" : "Dell EMC UnityVSA", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.3.1.1525703027 " - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authorization Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-09-18T04:00:00.000Z", + "ID": "CVE-2018-1250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell EMC Unity", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.3.1.1525703027 " + } + ] + } + }, + { + "product_name": "Dell EMC UnityVSA", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.3.1.1525703027 " + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180918 DSA-2018-101: Dell EMC Unity Family Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/30" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180918 DSA-2018-101: Dell EMC Unity Family Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/30" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1598.json b/2018/1xxx/CVE-2018-1598.json index c213dec6dd5..2191efdf849 100644 --- a/2018/1xxx/CVE-2018-1598.json +++ b/2018/1xxx/CVE-2018-1598.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1598", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1598", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5026.json b/2018/5xxx/CVE-2018-5026.json index 957a033596f..00a97ed6007 100644 --- a/2018/5xxx/CVE-2018-5026.json +++ b/2018/5xxx/CVE-2018-5026.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5912.json b/2018/5xxx/CVE-2018-5912.json index f9d267ee6e7..2b409aa934d 100644 --- a/2018/5xxx/CVE-2018-5912.json +++ b/2018/5xxx/CVE-2018-5912.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-5912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow in Video." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-5912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "105838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow in Video." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "105838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105838" + } + ] + } +} \ No newline at end of file